
REvil Strikes Again: Who & What Are They?

REvil is a ransomware-as-a-service collective that carries out attacks on individuals for a price and predominantly targets Western companies.

REvil operations

Strangely enough, REvil operates an affiliate-based system in which it recruits individuals to distribute the ransomware on its behalf. Under this arrangement the affiliates and the ransomware developers split the revenue from ransom payments. The group is assumed to be based in Russia, as it has not targeted any Russian-based companies so far. The cyber security community speculates that REvil may be an offshoot of GandCrab, and that it in turn created DarkSide.

2020 Cases

REvil stole close to one terabyte of data from the law firm Grubman Shire Meiselas & Sacks and demanded that ransom payments be met. The group also demanded $42 million from then President Donald Trump; according to the collective, it has since sold the data to a buyer. Lady Gaga was targeted as well, with 2.4 GB of legal documents being released, and the following day 169 emails referring to Donald Trump were released.

2021 Cases

REvil attacked the Harris Federation and published numerous financial documents on its blog. As a result of this event the IT systems were shut down, affecting nearly 40,000 students. Acer was also attacked, with REvil downloading data, installing ransomware and demanding $50 million to decrypt the systems and delete the downloaded files. Other notable cases in 2021 included the theft of Apple product schematics from Quanta Computer, which included a smart watch and a laptop. The Swedish grocery chain Coop was forced to close 800 stores for several days because of an attack.

Shut down

In October 2021 REvil was on the receiving end of a multi-country operation and was forced offline. VMware's head of cybersecurity strategy said: “The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups.” One REvil gang member attempted to restore their servers from backups, but those had also been compromised.

2022 REvil returns

Having been assumed to be out of action, REvil this week announced that it has hit a Fortune 500 company. The company in question is Midea Group, a major Chinese manufacturer of electrical appliances. The group as a whole may be returning; if it is, it means that more individuals have joined the collective.

Our active fundraising for Air Ambulance is found here; we appreciate any donation.

Last week's article on EE is available here.

Alex Cunningham
Alex is an information governance graduate, his main role is to support clients on how to help mitigate information security risks. Having recently graduated with a degree in Cyber Security with a focus on user-based security issues and risks. Alex enjoys playing video games, watching movies and going outside to visit new places with his dog Ruby.