REvil Ransomware Group Resurfaces Online

The operators behind the REvil ransomware group have resurfaced after allegedly closing shop in the wake of the widespread attack on Kaseya. Security experts comment below.

Expert Comments

September 09, 2021
Dimitris Strevinas
CTO
Obrela Security Industries

Why would REvil be back online?
REvil, apart from an extortion group, could also be considered a brand name. It is easier to pay ransoms to well-known groups than newcomers.

Should we expect more attacks?
Of course. Unless it is a hoax onion site, and this could be validated, more attacks should be expected. We believe that the people behind the attack on Kaseya are not standing still.

Does the fact they are using the same infrastructure as previously mean the attackers could be easier to catch? Why would they make such a rookie mistake?
There are many layers to hide the identity of the origin. Especially the use of the same group name looks like a thought-through and confident move.

September 09, 2021
Chris Sedgwick
Security Operations Director
Sy4Security

Hacker groups disappearing when things heat up is something we have seen frequently in the past, with cases like Emotet or Anonymous. When groups do disappear, it is generally to buy some time and take the limelight off them from law enforcement agencies, and it rarely means they are disappearing for good. On the assumption that this is indeed the same threat group operating the infrastructure, we would expect to see a new ransomware variant from the group in the near future, but with much more carefully selected victims to keep the media and Government attention off them as much as possible.
