Law enforcement agencies, as well as European and American authorities, have taken up the fight against ransomware in earnest and the other day they arrested a Kaseya hacker. However, over the past few days, several important events have taken place at once. Operation Cyclone, which was carried out by Interpol, the law enforcement agencies of… Continue reading US authorities arrest Kaseya hacker and attacker associated with REvil and GandCrab
Tag: Sodinokibi
REvil ransomware stopped working again, now after hacking sites
The REvil encryptor stopped working again – all operations were stopped, as an unknown person hacked the group’s website, through which hackers accepted payments from victims and “leaked” data stolen from companies. Bleeping Computer reports that all Tor sites of the group have been disabled, and a representative of REvil posted a message on the… Continue reading REvil ransomware stopped working again, now after hacking sites
Ukrainian cyber police arrested ransomware operators who “earned” $150 million
Ukrainian Cyber Police have arrested two operators of an unnamed ransomware. It is reported that the operation was carried out jointly by the Ukrainian and French police, the FBI, Europol and Interpol. The suspects are believed to have been involved in attacks on 100 North American and European companies, “earning” in this way over $… Continue reading Ukrainian cyber police arrested ransomware operators who “earned” $150 million
REvil ransomware resumed attacks
Last week, the infrastructure of REvil (Sodinokibi) returned online after months of downtime, and now the ransomware has resumed attacks. The fact is that in July 2021, the hack group went offline without giving any reason. Then it was a question of shutting down an entire network of conventional and darknet sites that were used… Continue reading REvil ransomware resumed attacks
Servers of the hack group REvil are back online
In July 2021, the infrastructure of REvil (Sodinokibi) was turned off without explanation, but now the information security specialists have noticed that the REvil servers are back online. It was about a whole network of conventional and darknet sites that were used to negotiate a ransom, leak data stolen from victims, as well as the… Continue reading Servers of the hack group REvil are back online
Ransomwares doesn’t always delete stolen data after paying the ransom
Researchers from Coveware have provided statistics that ransomwares does not always delete the data it have stolen and made recommendations to potential victims. In 2019, Maze ransomware operators began using a new double-ransom tactic, in which attackers steal unencrypted files and then threaten to publish them if the ransom is not paid. Many groups have… Continue reading Ransomwares doesn’t always delete stolen data after paying the ransom
REvil Operators Demand $7.5 Million Ransom from Argentine Internet Provider
Last weekend, one of Argentina’s largest internet providers, Telecom Argentina, suffered from REvil (Sodinokibi) ransomware attack. Malware has infected about 18,000 computers, and now REvil operators demand $7.5 million from the company. The ZDNet magazine writes that the attackers managed to gain domain administrator rights, thanks to which the ransomware quickly spread to 18,000 workstations.… Continue reading REvil Operators Demand $7.5 Million Ransom from Argentine Internet Provider
IS specialists studied working methods of the REvil (Sodinokibi) ransomware operators
Information security specialists of the Danish provider KPN applied sinkholing to REvil (Sodinokibi) cryptographic servers and studied the working methods of one of the largest ransomware threats today. Recall that REvil works under the “ransomware as a service” (RaaS) scheme, which means malware is leased to various criminal groups. “Because there are many groups, as… Continue reading IS specialists studied working methods of the REvil (Sodinokibi) ransomware operators
Citrix releases new patches, racing with the hackers that install encryptors on vulnerable machines
Destructive race: Citrix releases new patches, and hackers are actively attacking vulnerable servers and installing encryption engines on them. It seems that users are losing. At the beginning of this year was discovered CVE-2019-19781 vulnerability, which affects a number of versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, as well as two old versions… Continue reading Citrix releases new patches, racing with the hackers that install encryptors on vulnerable machines