The researchers found that the creators of REvil deceived their partners using a scheme that allowed them to decrypt any systems blocked by the ransomware and take the entire ransom for themselves. Their partners ended up with nothing. Let me remind you that REvil (aka Sodinokibi) has existed since 2019 and is considered to be… Continue reading Hack group REvil deceived their partners due to a backdoor
Tag: REVil Attacks
FBI Kept Secret Key To Decrypt Data After REvil Attacks
Journalists of The Washington Post found out how the FBI obtained the key to decrypt the data, which was affected in the attacks of the REvil ransomware. First, should be recalled that the background of what is happening: last week Bitdefender published a universal utility for decrypting files affected by the attacks of the ransomware… Continue reading FBI Kept Secret Key To Decrypt Data After REvil Attacks
Added utility for decrypting data after REvil attacks
The Romanian company Bitdefender has published a universal utility for decrypting data affected by REvil (Sodinokibi) ransomware attacks. The tool works for any data encrypted before July 13, 2021. However, the company has so far refused to provide any details, citing an ongoing investigation. Let me remind you that on July 13 of this year… Continue reading Added utility for decrypting data after REvil attacks
REvil ransomware resumed attacks
Last week, the infrastructure of REvil (Sodinokibi) returned online after months of downtime, and now the ransomware has resumed attacks. The fact is that in July 2021, the hack group went offline without giving any reason. Then it was a question of shutting down an entire network of conventional and darknet sites that were used… Continue reading REvil ransomware resumed attacks
Servers of the hack group REvil are back online
In July 2021, the infrastructure of REvil (Sodinokibi) was turned off without explanation, but now the information security specialists have noticed that the REvil servers are back online. It was about a whole network of conventional and darknet sites that were used to negotiate a ransom, leak data stolen from victims, as well as the… Continue reading Servers of the hack group REvil are back online
REvil ransomware operators attacked Acer and demand $50,000,000
The REvil ransomware attacked the Taiwanese company Acer (the sixth-largest computer manufacturer in the world, accounting for about 6% of all sales). Cybercriminals are demanding from the manufacturer $50,000,000, which is the largest ransom in history. At the end of last week, the hackers posted a message on their website that they had hacked Acer,… Continue reading REvil ransomware operators attacked Acer and demand $50,000,000
REvil Operators Demand $7.5 Million Ransom from Argentine Internet Provider
Last weekend, one of Argentina’s largest internet providers, Telecom Argentina, suffered from REvil (Sodinokibi) ransomware attack. Malware has infected about 18,000 computers, and now REvil operators demand $7.5 million from the company. The ZDNet magazine writes that the attackers managed to gain domain administrator rights, thanks to which the ransomware quickly spread to 18,000 workstations.… Continue reading REvil Operators Demand $7.5 Million Ransom from Argentine Internet Provider
IS specialists studied working methods of the REvil (Sodinokibi) ransomware operators
Information security specialists of the Danish provider KPN applied sinkholing to REvil (Sodinokibi) cryptographic servers and studied the working methods of one of the largest ransomware threats today. Recall that REvil works under the “ransomware as a service” (RaaS) scheme, which means malware is leased to various criminal groups. “Because there are many groups, as… Continue reading IS specialists studied working methods of the REvil (Sodinokibi) ransomware operators