REvil Group Claims Slew of Ransomware Attacks
The REvil ransomware threat group has claimed responsibility for a recent campaign in which nine organizations were impacted. The group has allegedly infected these nine organizations across Africa, Europe, Mexico, and the US. The REvil group uses the Sodinokibi ransomware to compromise networks and devices. The organizations include law firms, an insurance company, an architectural firm, a construction company, and an agricultural co-op within the US. In Mexico and Africa, two large international banks were impacted. A European manufacturer has also been hit as part of REvil’s recent attack streak.
The victim companies have not been named at this time. The attacks directly follow a sophisticated and well-planned drive-by-download campaign perpetrated by REvil in December. The campaign’s purpose was to infect business professionals’ computer systems with the Sodinokibi ransomware, the Gootkit banking Trojan, or the Cobalt Strike intrusion tool. Following the takedown of the banking Trojan Emotet by law enforcement, REvil seems to be upping the ante when it comes to its cyber campaigns.