27 May 2022

Cybergang Claims REvil is Back, Executes DDoS Attacks

According to researchers at Akamai, actors claiming to be the REvil ransomware group are targeting one of its customers with a Layer 7 attack. The group has also demanded an extortion payment in Bitcoin from Akamai’s client. The defunct REvil ransomware gang went dark in July 2021 after several law

14 Feb 2022

More Details Emerge: REvil Gang Arrestee Tied to 2021 Colonial Pipeline Attack; Ukrainian Data Wiping Attack a False Flag Operation

A month ago, we provided an analysis of two incidents in the Ukrainian conflict that occurred on the same day (Friday, January 14th): the Russian Federal Security Service (FSB) takedown of the REvil Ransomware Gang and a major cyberattack on Ukrainian government websites. At the time, these events felt neither coincidental nor unrelated. The following is an update on both events as tensions rise in Eastern Europe. Only time will tell if they are confirmed pieces of the larger information war waged by Putin.

18 Jan 2022

Russia arrests REvil ransomware gang members at request of US officials

14 members of the REvil ransomware group have been arrested by the Russian government. A joint effort between the Federal Security Service of the Russian Federation and the Ministry of Internal Affairs of Russia led to the arrest of the members of the cybercrime group. Several assets were seized in

14 Jan 2022

Today, Putin Sends Cybercrime Crackdown Signal to U.S.; Unattributed Cyber Attack on Ukrainian Government Sites

More than any of the mixed signals of the high-level meetings between the U.S. and Russia, two cyberwar developments today are far clearer indicators of the direction of the Ukrainian conflict playing out between NATO, Putin, and the U.S.

01 Nov 2021

Suspected REvil Gang Insider Identified

German investigators identified a Russian billionaire who authorities suspect of being a core member of the notorious REvil ransomware gang. This individual is allegedly very flashy and tends to spend large amounts of money. The man goes by “Nikolay K” on social media. German police hope that he will leave

27 Oct 2021

Groove Calls for Cyberattacks on US as REvil Payback

Editor’s note: Groove was later determined to be a very unaccomplished bad actor playing a prank. (See: groove prank). Recently, international law enforcement joined together in an effort to dismantle the infrastructure belonging to the notorious REvil ransomware group. Following the operation, another cybercrime group called Groove called for revenge

22 Oct 2021

Government Agents Compromise REvil Backups to Force Group Offline

US authorities have allegedly forced the REvil ransomware group offline in the latest offensive against ransomware. However, experts have warned that the move could lead to repercussions for former breach victims. Former officials and cybersecurity experts confirmed that an international law enforcement operation was responsible for taking down REvil’s data

19 Oct 2021

REvil ransomware operators claim group is ending activity again, victim leak blog now offline

The REvil ransomware group has claimed that the gang is disbanding after the group suffered from loss of vital infrastructure and internal disputes. The notorious ransomware gang has claimed to be done with the cybercrime industry before, announcing their departure in July after the devastating Kaseya attack that affected hundreds

16 Sep 2021

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

Bitdefender collaborated with law enforcement to create a key that would release data encrypted in ransomware attacks before the REvil ransomware gang disappeared from the internet on July 13. The universal decryption key will be free for victims of REvil ransomware attacks. The firm announced that it will be passing

29 Jul 2021

BlackMatter & Haron, Evil Ransomware Newborns or Rebirths

According to researchers, disappeared ransomware groups DarkSide and REvil have simply rebranded as Haron and BlackMatter. The two ransomware groups took down their leak sites and forums, going dark over the past several months. However, researchers claim that Haron and BlackMatter contain many of the hallmarks of the formerly active
