Ransom Cartel – REvil Rebrand?

By ISBuzz Team, Writer, Information Security Buzz | Oct 24, 2022 01:40 am PST

It has been reported that researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations’ encryptors.

The REvil ransomware gang finally shut down in October 2021 following intense pressure from law enforcement. However, in January 2022, the Russian authorities announced arrests, money seizures, and charges against eight of the gang’s members.

Gareth Lindahl-wise , Chief Security Advisor
October 24, 2022 9:48 am

Direct attribution is always difficult with cyber criminals. I think we are looking at either members of REvil who focused on the encryption/decryption side who have joined (or started) Ransom Cartel, or we are looking at a ‘liberation’ of part of the source code from REvil.

The similarities in encryption between the two lead you to that conclusion.

It doesn’t seem to be a rebranding of REvil, as there are some useful techniques missing from the Ransom Cartel playbook – especially around how the ransomware obfuscates itself – but some new features to retrieve credentials.

Looks like there is a new band in town, but we might have met some of the members before.

