The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.
Two of the gang's dark web portals, its "Happy Blog" data leak site and its payment/negotiation site, have resurfaced online. The most recent victim listed was added on July 8, five days before the sites mysteriously went off the grid on July 13. It is not immediately clear whether REvil is back in business or whether the group has launched any new attacks.
"Unfortunately, the Happy Blog is back online," Emsisoft threat researcher Brett Callow tweeted on Tuesday.
The development comes a little over two months after a wide-scale supply chain ransomware attack on Kaseya, in which the Russia-based cybercrime gang encrypted roughly 60 managed service providers (MSPs) and over 1,500 downstream businesses by exploiting a zero-day vulnerability in the Kaseya VSA remote management software.
In late May, REvil also spearheaded the attack on the world's largest meat producer, JBS, forcing the company to pay $11 million in ransom to the extortionists to recover from the incident.
Following those attacks and the heightened international scrutiny that came with the global ransomware crisis, the group took its dark web infrastructure offline, prompting speculation that it had temporarily ceased operations with a view to rebranding under a new identity in order to attract less attention.
REvil, also known as Sodinokibi, emerged as the fifth most commonly reported ransomware strain in Q1 2021, accounting for 4.60% of all submissions in the quarter, according to statistics compiled by Emsisoft.