As the reports suspect, the REvil Ransomware gang is all set to commence cyber attacks randomly on any websites, Firms, etc.

REvil – Ransomware Evil is a hacking group which is operated from Russia and was founded in 2019.

The notorious gang would hack all the confidential files and Information of the victims and later, it would threaten the victims to publish the information on their page Happy Blog. The gang would ask for a huge amount of money from victims to keep their hacked data safe.

Lastly, the Russian FSS – Federal Security Service, claimed that they’ve destroyed REvil Ransomware and caught numerous gang members. Approximately, the Russian FSS have caught 14 members of the gang along with 426 million roubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars.

Is the notorious gang back?

Reportedly, the REvil Ransomware gang which is linked to JBS and Kaseya, have shown up after three months from their members’ arrest in Russia. Additionally, Cyber security researchers have pinged up the samples of REvil Ransomware. The security team has traced certain hacking which is identified to be a Ransomware gang hacking procedure.

Henceforth, the cybercriminal gang identified as REvil Ransomware have marked its return.

Here is a sample of Ransomware comeback –

The latest sample has made use of longer GUID-type values, such as –

3c852cc8-b7f1-436e-ba3b-c53b7fc6c0e4

How can we keep our data safe from REvil Ransomware –

Although the news is all over the internet which clarifies the notorious gang’s comeback. But we cannot assume it as lenient or just some normal hacking group. REvil Ransomware is already planning this hacking game on the peak.

The business and other users should be alert and try to keep their credentials in extra safety measures.

Following basic measures can help to keep your data secured –

•Install an antivirus software which helps to detect any malicious sites, documents, applications.

•Always use a scanner before downloading any data, PDFs, documents. It will inform you where documents have any kind of malicious things for which you have to compromise with your personal details.

•Implement end to end encryption technology. Keep a password and lock your online accounts. So that no one can randomly take a look in your accounts.

The post Is REvil Ransomware gang activated again? appeared first on The Tech Outlook.

Yaroslav Vasinskyi, a Ukrainian national affiliated with the Russia-based REvil ransomware organisation, has been extradited to the United States to face charges in connection with the July file-encrypting malware assaults on various companies, including Kaseya.

The 22-year-old had previously been arrested in Poland in October 2021, prompting the US Justice Department (DoJ) to pursue accusations of conspiracy to commit fraud and similar activities involving computers, damage to protected computers, and conspiracy to commit money laundering.

Ransomware is the digital version of extortion in which cybercriminals encrypt victims’ data and hold it hostage in exchange for a monetary payment to retrieve the data; otherwise, the stolen material is published publicly or sold to other third parties.

According to the DOJ, in addition to the high-profile attacks on JBS and Kaseya, REvil is believed to have infected over 175,000 systems, earning the organisation at least $200 million in virtual currency ransoms.

Vasinskyi, who was brought to Dallas on March 3 as part of an extradition deal between the United States and Poland, had his accusations publicly read in the Northern District of Texas. Vasinskyi risks a total prison term of 115 years if convicted on all counts.

“Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice,” said Deputy Attorney General Lisa O. Monaco. “When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.”

The post Yaroslav Vasinskyi, Ukrainian Hacker arrested and extradited over REvil ransomware appeared first on The Tech Outlook.

According to cybercriminals claiming to be members of the REvil ransomware organisation, the gang is shutting down after losing control of critical infrastructure and experiencing internal strife.

Recorded Dmitry Smilyanets, a future security specialist, published many messages on Twitter from ‘0 neday,’ a notorious REvil operator, describing what transpired on the cybercriminal site XSS. He stated that the group’s Tor payment gateway and data leak website had been hacked.

0 neday says in the mails that he and “Unknown,” a senior member of the gang, were the only two members of the gang who possessed REvil’s domain keys. “Unknown” vanished in July, leading the rest of the gang to believe he had perished. The organisation restarted activities in September, however 0 neday reported this weekend that the REvil domain had been accessed with “Unknown” keys.

0 neday wrote in another message, “The server had been hacked, and they were on the lookout for me. They removed the route of my secret service from the torrc file and replaced it with their own, causing me to go there. I double-checked with others, and this was not the case. Good luck to everyone; I’m leaving now.”

After the horrific attack on Kaseya spread hundreds of companies worldwide and caused enormous harm, REvil shut down in July. The group is one of the most active ransomware gangs today, having targeted hundreds of important corporations and organisations in recent years.

However, following the July 4 attack on Kaseya, the organisation came under intense law enforcement investigation and terminated its activities on July 13. The gang reappeared in September, continuing to assault scores of businesses in recent weeks.

According to The Record, the group’s servers were shut down on July 13 after “Unknown” reportedly took their money and shut them down, making it impossible for them to reopen.

Smilyanets told the news organisation that he hoped the organisation had been shut down as a result of US law enforcement operations. Because of their activities during the REvil attack on Kaseya, the FBI and other US agencies have experienced substantial blowback in recent weeks.

The FBI confessed it had decryption keys that might have aided the approximately 1,500 ransomware victims afflicted by the Kaseya assault, but opted against it because they were planning an attack on REvil’s infrastructure. The organisation shut down before the operation could be completed, and the FBI has been chastised by the impacted groups and politicians for delaying the release of the decryption keys.

Bitdefender eventually provided a free decryptor to all of the Kaseya-affected enterprises.

Experts had conflicting reactions to the incident, with some advising citizens not to trust criminals’ words. Others explained that the scenario made sense because REvil’s acts were being criticised by its own affiliates.

The post The operators of the REvil ransomware say that the organisation has ceased operations once more, and that the victim leak blog has been taken offline appeared first on The Tech Outlook.