Displaying items by tag: REvil

GUEST RESEARCH: On 29 August 2023, US law enforcement announced a multinational operation that disrupted the Qakbot botnet (also known as Qbot) and associated infrastructure. Secureworks Counter Threat Unit (CTU) researchers have long maintained active monitoring of the botnet and detected the disruption activity on 25 August.

Australian law enforcement agencies appear to have resorted to psyops in a bid to send a message to network attackers that Australia is not the best place to do business.

The ransomware group behind the Medibank Group attack claims it initially demanded US$10 million (A$15.55 million) as a ransom, but is willing to accept US$9.7 million instead – US$1 for each customer the company claims is at risk. Ransomware largely attacks Microsoft's Windows operating system.

A ransomware group that on Tuesday threatened to post data stolen from medical insurer Medibank Group on the dark web has kept its word and released a small sample of what it claims is the data it appropriated.

COMPANY NEWS: Radware, a leading provider of cyber security and application delivery solutions, today released its First Half 2022 Global Threat Analysis Report. The mid-year report leverages intelligence provided by network and application attack activity sourced from Radware's cloud and managed services, global deception network, and threat research team.

A man accused of being behind the attack on Kaseya, a managed services provider, in July last year, has appeared in court in Texas and been arraigned.

McAfee Enterprise and FireEye have come together to create a resilient digital world as Trellix, and the new company’s first research report has come out. It reveals the magnitude of the Log4j vulnerability which dominated headlines and the focus of security teams and defenders alike - along with other insights into security issues in the third quarter of 2021. The report is a fascinating - and deeply sobering - read.

McAfee Enterprise and FireEye have come together to create a resilient digital world as Trellix, and the new company’s first research report has come out. It reveals the magnitude of the Log4j vulnerability which dominated headlines and the focus of security teams and defenders alike - along with other insights into security issues in the third quarter of 2021. The report is a fascinating - and deeply sobering - read.

Security vendor WatchGuard Technologies has published its latest quarterly Internet Security Report. Findings for Q3 2021 include a decrease in total perimeter malware detection volume, although endpoint malware detections had already surpassed the total for 2020, with Q4 2021 data yet to be reported.

Ransomware attacks on Windows systems in the US during 2021 showed a small dip from the previous year, with 2323 local governments, schools and healthcare providers hit, the security firm Emsisoft reports.

Authorities in Romania have arrested two men suspected of using the REvil Windows ransomware in some 5000 attacks, the Europol police agency says in a somewhat rambling statement.

Another Windows ransomware group, BlackMatter, appears to have shut down operations, according to a message sent out by the people behind the group.

A number of Windows ransomware gangs have reacted to the reported takedown of the REvil gang, with one of them, Darkside, now known as BlackMatter, moving some of the bitcoin it holds, according to a statement from the cryptocurrency tracking firm Elliptic.

The REvil ransomware group was taken offline by intelligence agencies and law enforcement from the US and a number of its allies, the news agency Reuters claims.

A seasoned ransomware threat researcher has warned against taking any of the chatter around the disappearance of the Windows REvil ransomware group for a second time seriously, given that the forums on which these posts have appeared are heavily monitored.

GUEST RESEARCH: On 16 September, our security researchers, in collaboration with a trusted law enforcement partner, released a universal decryptor to help victims of REvil ransomware recover their data.

A threat actor, who claims to have worked for the REvil ransomware group among others, has cast doubt on the common tendency to associate individuals from a particular country who do such work as acting for the governments of the same countries.

Issues have been identified with a decryptor released by security firm Bitdefender for files encrypted by the REvil ransomware group before it temporarily disappeared on 13 July.

Security vendor Bitdefender has released a universal decryptor for files encrypted by the REvil ransomware before 13 July 2021.

The website of the prolific ransomware group REvil has come back online about two months after it disappeared following an attack on a number of managed service providers.