It turns out that REvil, the world’s most dangerous ransomware group, dismantled by a joint Russian-US operation, is back.
Experts have offered a worrying assessment of REvil, regarded as one of the world’s most dangerous ransomware gangs. As will be remembered, the group was disbanded in January after its members were arrested by Russia, and all of its assets were confiscated.
The REvil group, which has embarrassed many prominent figures, including US presidents, through a string of cyber attacks, even hacked Apple’s supplier Quanta Computer. As a result, the design of the 2021 MacBook Pro was revealed before its official introduction. Months later, traces of the notorious group have been found again.
The REvil ransomware is back
Cybersecurity experts at Secureworks examined samples of files recently uploaded to the online antivirus scanning service VirusTotal. They concluded that the people or entities behind the detected malware also had prior access to the source code of the REvil ransomware.
This is interpreted as a sign that REvil may have returned. “The identification of multiple specimens with different modifications and the absence of an official new version indicate that REvil is being actively developed,” the experts said in a statement.
Independently of this research, a new website has also appeared that is claimed to be owned by REvil. Older versions of the ransomware checked the victim’s geographical location and did no harm if certain criteria were met (for example, a system in a Russian-speaking region). In the new version, however, this limitation is reported to have disappeared.
Prior to Secureworks, cybersecurity firms, including Avast, Advanced Intel and R3MRUM, had warned of a resurgence of the REvil ransomware.