revil (10)

8925651266?profile=RESIZE_400xThe REvil ransomware community is one of a new generation of 'Ransomware-as-a-Service' (Raas) businesses. Their core team of developers creates the ransomware, while their "affiliates" spread it to the devices. The developers receive a 20-30% share of any good ransomware attack's earnings, while associates receive a 70-80% payout.Groupe Reorev claims to have had 400GB of confidential data stolen by the new ransomware community known as "LV." Few sample documents have been leaked by the actors, b

8759390887?profile=RESIZE_400x

Active since 2019, the actors behind Sodinokibi, also known as REvil, are one of the most prolific ransomware groups currently operating. Believed to have Russian origins, the REvil gang avoids targeting Eastern European companies. The group extorts payment from victims by publishing confidential documents on the dark web for anyone to view. Even companies who are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the suppl

8725760658?profile=RESIZE_400xThe threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.  The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US.  The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and

8566308097?profile=RESIZE_400xNo one needs reminding that ransomware has reached incredible proportions; one widely reported statistic from Purplesec suggests that $20 billion was paid out in 2020. That's almost double its $11.5 billion estimate from 2019, with a commensurately huge increase in the number of attacks, while BitDefender suggested a 715% increase in the first half of the year.

The "crews" have multiplied, adopted tactics that are reminiscent of nation-state attacks, and developed partnerships and relationships

8522620286?profile=RESIZE_400xActivity Summary - Week Ending 5 February 2021:

  • Red Sky Alliance identified 34,976 connections from new unique IP addresses
  • Greek Bank, Alpha Bank Group has an Attack Server (C2) Compromise
  • DigitalOcean has a Compromised (C2) IP
  • Analysts identified 2,089 new IP addresses participating in various Botnets
  • PowerShell Dropping REvil
  • Ursnif/Gozi using INPS as Bait
  • How the World Ends
  • US – Russia Cyber Strategy
  • Rocket Chat (Al Qaeda) urging Cyber Terrorism
  • Operation Lady-Bird
  • Electric Grids – Still a

8196171482?profile=RESIZE_400xRemember the Dark Side comics?  Well, the DarkSide criminal hacking group is no laughing matter.  The DarkSide Ransomware gang claims they are creating a distributed storage system in Iran to store and leak data stolen from victims.  DarkSide is operated as a Ransomware-as-a-Service (RaaS) where developers control programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

DarkSide is the latest ransomware criminal gang to anno

8157019075?profile=RESIZE_400xActivity Summary - Week Ending 13 November 2020:

  • Red Sky Alliance observed 67 unique email accounts compromised with Keyloggers
  • Analysts identified 42,222 connections from new unique IP addresses
  • 2,563 new IP addresses were observed Participating in various Botnets
  • Hezbollah is the Top Threat actor this week targeting Israel, US, Lebanon, Syria and Iran
  • TrickBot and BazarLoader
  • WatchBogMiner
  • Ransomware blocks electronic Stadium Entrances
  • A UK Premier League soccer club's Managing Director was H

8131231863?profile=RESIZE_400xIt should come as no reprise that ransomware groups that steal a company's data and then get paid a fee to delete it don't always follow through on their promise.

The number of cases where this has happened has increased, according to a report[1] published by Coveware this week and according to several incidents shared by security researchers with ZDNet researchers over the past few months. These incidents take place only for a certain category of ransomware attacks — namely those carried out by

5887188088?profile=RESIZE_400xLike any profitable business model, ransomware gangs continue to innovate and increase their business.  Recently, reports have emerged of a collaboration between the Maze and Lockbit gangs, as well as the REvil, aka Sodinokibi, operators not leaking stolen data for free when victims do not pay, but instead auctioning it off to the highest bidder.

Here are some of the latest ransomware trends noted by cyber analysts: IR-20-164-002_Ransomware Trends.pdf

4304188497?profile=RESIZE_710xOur Friends at the FBI issued a cyber bulletin on 04 01 2020.  This was no April Fool's Joke, but a serious cyber warning on the Sodinokibi Ransomware (pic: tgsoft.it), also known as REvil, Bluebackground, or Sodin.  Red Sky Alliance / Wapack Labs was already researching this ransomware.  Last week, Jesse Burke our Chief of Special Operations, provided a brief on Sodinokibi Ransomware.  Look to your right (Did you miss the March Cyber Intelligence Briefing (CIB). Topics: Coronavirus Lures and Bu