Ransomware Reprise? – REvil Ransomware Group Reemerges

The ransomware group REvil has just reappeared after going offline shortly after its attack on Kaseya over the July 4th weekend. REvil is responsible for some of the most disruptive ransomware attacks. For example, in June, REvil targeted Brazil’s JBS SA, one of the world’s largest meat suppliers. In July, REvil exploited a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers (MSPs) and more than 1,500 of its clients. Shortly after these high-profile attacks, REvil’s online infrastructure went dark for no apparent reason. However, several of its severs were observed back online Tuesday. Adam Meyers, vice president of intelligence at cybersecurity firm CrowdStrike, surmises the groups hiatus was perhaps a cooling off period, noting “there was a lot of heat back in June/July. Maybe they rebuilt some infrastructure and invested in better operational security.” The return of this nefarious group could likely be a pre-cursor to more high-profile attacks, but time will tell. In the meantime, organizations should remain vigilant and review ransomware resilience plans. There are many good resources to help with ransomware readiness, members are encouraged to checkout CISA’s recently launched StopRansomware initiative for resources, guidance, and more. Read more at Bloomberg.