Displaying items by tag: REvil

A seasoned ransomware threat researcher has warned against taking any of the chatter around the disappearance of the Windows REvil ransomware group for a second time seriously, given that the forums on which these posts are heavily monitored.

GUEST RESEARCH: On 16 September, our security researchers, in collaboration with a trusted law enforcement partner, released a universal decryptor to help victims of REvil ransomware recover their data.

A threat actor, who claims to have worked for the REvil ransomware group among others, has cast doubt on the common tendency to associate individuals from a particular country who do such work as acting for the governments of the same countries.

Issues have been identified with a decryptor released by security firm Bitdefender for files encrypted by the REvil ransomware group before it temporarily disappeared on 13 July.

Security vendor Bitdefender has released a universal decryptor for files encrypted by the REvil ransomware before 13 July 2021.

The website of the prolific ransomware group REvil has come back online about two months after it disappeared following an attack on a number of managed service providers.

In its latest research, Sophos warns the severity and damage that the REvil ransomware may inflict on organisations. The research also gives measures on how organisations can detect the attack and prevent further damage.

Zscaler's latest ransomware report says manufacturing is the industry most targeted by double-extortion ransomware.

Australian healthcare provider UnitingCare Queensland has identified the Windows ransomware that hit its systems on 25 April as the REvil strain, aka Sodinokibi.

A cybersecurity researcher persuaded Ragnar Locker ransomware operators into thinking they were a cybercriminal and to offer a job. The researcher has released information on the gang’s payout structure, cash-out schemes, and target acquisition strategies providing a look behind the scenes into the real business of shadowy underground criminal syndicates - and the millions of dollars it brings in.

Schematics for Apple's presumed 2021 MacBook designs, along with those of other tech companies that Quanta manufactures devices for, have been stolen in a ransomware attack by the REvil group, and a senior security researcher at Kaspersky explains what is going on.

Windows ransomware groups have been devising newer and newer ways of putting pressure on their victims to pay up. The latest tactic seems to be finding digital traces of someone who is looking at porn during office hours - and then embarrassing the organisation in question and forcing a payment.

Incident response firm Coveware has deleted a small portion of an article it had posted online in 2019, after the actors behind the REvil ransomware group — also known as Sodinokibi — used it to promote the efficiency of their own decryptor over that of the one used by rival ransomware actor, Ryuk.

The world's sixth largest PC maker, Acer, appears to have been hit by the Windows REvil ransomware — aka Sodinokibi — and the Taiwan-based company says it has reported "recent abnormal situations observed" to law enforcement.

Premier aircraft leasing asset manager SKY Leasing has been hit by a gang of cyber criminals using the Windows Avaddon ransomware and the attackers have leaked 20 files of the company's data on the dark web.

Security firm Intel 471 claims to have discovered a pattern in ransomware attacks over the past 18 months, with a growing inter-dependence between the actual attackers and those who sell access to compromised systems.

Argentina's official country portal has been hit by malicious attackers using the Windows REVil ransomware who claim they have exfiltrated 50GB of information.

An Australian firm that was hit by the Windows REvil ransomware earlier this month has said that it has dealt with the incident fully, having been ready to do so by upgrading its defences over the last few years

Malicious attackers who used the Windows REvil ransomware to attack Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, have re-listed the company on their dark web site, along with screenshots of data that has been allegedly filched during the attack.

A Melbourne firm which suffered a hit from cyber criminals using the Windows REvil ransomware has denied that any data was exfiltrated from its site, as was reported in these columns.