Researchers have reportedly linked the relatively new Ransom Cartel ransomware operation to the notorious REvil gang, based on code similarities between the two operations’ encryptors.

The REvil ransomware gang finally shut down in October 2021 following intense pressure from law enforcement. Then, in January 2022, the Russian authorities announced arrests, money seizures, and charges against eight of the gang’s members.

Gareth Lindahl-Wise, Chief Security Advisor (InfoSec Expert)
October 24, 2022 9:48 am

Direct attribution is always difficult with cyber criminals. I think we are looking at either members of REvil who focused on the encryption/decryption side who have joined (or started Ransom Cartel) or we are looking at a ‘liberation’ of part of the source code from REvil.

The similarities in encryption between the two lead you to that conclusion.

It doesn’t seem to be a rebranding of REvil, as there are some useful techniques missing from the Ransom Cartel playbook – especially around how the ransomware obfuscates itself – but some new features to retrieve credentials.

Looks like there is a new band in town, but we might have met some of the members before.
