Cybergang Claims REvil is Back, Executes DDoS Attacks
According to researchers at Akamai, actors claiming to be the REvil ransomware group is targeting one of its customers with a Layer 7 attack. The group has also demanded an extortion payment in Bitcoin from Akami’s client. The defunct REvil ransomware gang went dark in July 2021 after several law enforcement operations agains cybercrime syndicates. Although the attackers may claim to be REvil, it is unclear whether the defunct ransomware gang is actually responsible. The attack is a much smaller sale than those observed in previous REvil campaigns, according to researchers.
In addition, the attack appears to have a political motivation, which hints at inconsistency with REvil’s previous tactics. During REvil’s active period, the group claimed it was motivated only by financial gain. The distributed denial of service (DDoS) campaign is targeting a hospitality customer of cloud networking provider Akamai. Researchers have been monitoring the attack since May 12, when the customer alerted IT of an attempted attack. Akamai released a blog post on Wednesday confirming some of the details of the attack.