REvil Group Claims Slew of Ransomware Attacks
Quote: The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S.
 
The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; as well as two large international banks (one in Mexico and one in Africa); and a European manufacturer. In an email interview with Threatpost, researchers with eSentire, who wrote an analysis of the threat group’s claims, said they would not name the victim companies.
 
“These new ransomware incidents, which the…gang is claiming, could certainly be plausible,” said Rob McLeod, senior director of the Threat Response Unit (TRU) for eSentire. “These attacks come directly on the heels of an extensive and well-planned drive-by-download campaign, which was launched in late December. This malicious campaign’s sole purpose is to infect business professionals’ computer systems with the…ransomware, the Gootkit banking trojan or the Cobalt Strike intrusion tool.”
 
The threat group is also known as the Sodinokibi ransomware gang, and is called “Sodin” by eSentire. The malware, which first surfaced in 2019, has since proliferated to hit an array of victims, including New York-based celebrity law firm Grubman Shire Meiselas & Sacks, Travelex and Brown-Forman Corp. (the maker behind Jack Daniels).
 
Researchers said that REvil cybercriminals posted documents on underground forums that purported to be from the victims’ systems – including company computer file directories, partial customer lists, customer quotes and copies of contracts. Researchers said they also posted what appears to be several official IDs, either belonging to an employee or a customer of the victim companies.
 
“We do not know the amount of the ransom they have demanded or if a ransom has been paid,” McLeod told Threatpost. “However, we have seen some victims posted, and then their information and name have been pulled from the website. We wonder if this indicates payment.”

Read more: REvil Group Claims Slew of Ransomware Attacks | Threatpost