Displaying items by tag: Sodinokibi

Authorities in Romania have arrested two men suspected of using the REvil Windows ransomware in some 5000 attacks, the Europol police agency says in a somewhat rambling statement.

The REvil ransomware group was taken offline by intelligence agencies and law enforcement from the US and a number of its allies, the news agency Reuters claims.

Issues have been identified with a decryptor released by security firm Bitdefender for files encrypted by the REvil ransomware group before it temporarily disappeared on 13 July.

The website of the prolific ransomware group REvil has come back online about two months after it disappeared following an attack on a number of managed service providers.

Zscaler's latest ransomware report says manufacturing is the industry most targeted by double-extortion ransomware.

Australian healthcare provider UnitingCare Queensland has identified the Windows ransomware that hit its systems on 25 April as the REvil strain, aka Sodinokibi.

Incident response firm Coveware has deleted a small portion of an article it had posted online in 2019, after the actors behind the REvil ransomware group — also known as Sodinokibi — used it to promote the efficiency of their own decryptor over that of the one used by rival ransomware actor, Ryuk.

The world's sixth largest PC maker, Acer, appears to have been hit by the Windows REvil ransomware — aka Sodinokibi — and the Taiwan-based company says it has reported "recent abnormal situations observed" to law enforcement.

Premier aircraft leasing asset manager SKY Leasing has been hit by a gang of cyber criminals using the Windows Avaddon ransomware and the attackers have leaked 20 files of the company's data on the dark web.

Argentina's official country portal has been hit by malicious attackers using the Windows REVil ransomware who claim they have exfiltrated 50GB of information.

An Australian firm that was hit by the Windows REvil ransomware earlier this month has said that it has dealt with the incident fully, having been ready to do so by upgrading its defences over the last few years

Security researchers have found that ransomware gangs are keeping in step with IT industry trends, with a new Windows ransomware strain, RegretLocker, able to encrypt data on virtual disks.

Malicious attackers who used the Windows REvil ransomware to attack Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, have re-listed the company on their dark web site, along with screenshots of data that has been allegedly filched during the attack.

Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, has been hit by cyber criminals using the Windows REvil ransomware. (Nexia has contested this story and its version of events is here.)

The use of improperly secured Remote Desktop Protocol connections on Windows machines has been found to be the biggest entry point for ransomware, according to a quarterly evaluation by Coveware, a company that is intimately involved in handling such attacks.

Cyber criminals have used the Windows REvil ransomware to attack the Las Vegas-based Gaming Partners International Corporation, a manufacturer and supplier of casinos table game equipment.

Webroot has released its annual list of the Nastiest Malware, "revealing phishing, botnet attacks and ransomware as 2020’s most vicious cybersecurity threats".

A man who claims to be a member of the group behind the Windows REvil ransomware says the group takes in more than US$100 million (A$1.4 million) annually through ransom payments.

The Meinhardt Group, an engineering consultancy with 51 offices worldwide and 5000 employees, appears to have been attacked by a group using the REvil ransomware last month.

Cyber criminals who breached the infrastructure of the American IT staffing company Artech Information Systems and then used the Windows REvil ransomware, which is also known as Sodinokibi, to encrypt files on-site, appear to have staged a second attack on the same firm using the Maze ransomware and released all the data that they stole in the second attack on a dark web site.