September 8, 2021
The ransomware group REvil has resurfaced after it was reportedly shut down following the widespread attack on Kaseya on July 4 that affected thousands.
U.S. President Joe Biden met personally with Russian President Vladimir Putin after the attack, and analysts attributed the closure of REvil to a meeting between the two world leaders at which Biden pressed Putin about ransomware attacks from Russia.
Still, both U.S. authorities and Russian officials denied any involvement in the July attacks.
Security experts took to social media on Tuesday to explain that the group’s Happy Blog and other sites linked to REvil are now back online, with the latest posting coming from a victim who was attacked on July 8.
Security researchers from Recorded Future and Emsisoft both confirmed that much of the group’s infrastructure had resurfaced.
Most people expected that REvil would return, albeit with a different name and likely a new variant of ransomware.
The closure of REvil in July left many victims in a difficult situation. Mike Hamilton, former CISO of Seattle and now CISO of the ransomware remediation company Critical Insight, told that after the Kaseya attack, a company paid a ransom and received the decryption keys from REvil, which apparently did not work.
REvil attacked about 360 U.S. organizations this year and has made more than $11 million this year with high-profile hacks on Acer, JBS, Quanta computers and more.
For more information, read the original story in ZDNet.
