REvil, the world’s most dangerous ransomware, is back

Considered one of the most dangerous ransomware gangs in the world REvil For this, a frightening statement came from experts. As it will be remembered, the group was disbanded in January after its members were arrested by Russia. All his property was also confiscated.

The REvil group, which left many respected names, including the US presidents, in a difficult situation with the cyber attacks it organized, even hacked Apple’s supplier Quanta Computer. In this way, he revealed the design of the 2021 MacBook Pro before the official introduction. Months later, the footprints of the famous band were found again.

REvil ransomware is back

Cybersecurity experts at Secureworks reviewed samples of files recently uploaded to the online antivirus scanning service VirusTotal. As a result of the investigation, the person or institutions behind the detected malware have previously REvil ransomware also has access to its source codes they came to the conclusion.

This is interpreted as a harbinger that the REvil ransomware may have returned. Experts said in a statement on the subject, “Defining more than one sample with different modifications and the absence of an official new version, Indicates that REvil is under active development” he used the phrase.

Apart from this research, there is also a new website allegedly owned by REvil. Older versions of ransomware check the geolocation of the victim and has certain criteria (for example, in a Russian-speaking area) it couldn’t hurt. However, it is stated that this limitation has been removed in the new version.

Prior to Secureworks, all cybersecurity firms, especially Avast, Advanced Intel, and R3MRUM, warned that REvil ransomware would be revived.

What do you think about this subject? Do you think the gang will reunite after this or is it completely disbanded now? You can share your thoughts in the comments or on the SDN Forum.