
  • 29 Jun, 2024

As per the new clues, Experts are wondering : is REvil back?

Change is a permanent part of life; nothing stays the same for long, not even hacking groups, which are most dangerous when they operate in complete silence. The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya attacks, has reappeared three months after the arrest of its members in Russia.

The Russian domestic intelligence service arrested 14 members of the REvil gang. During the bust, the 14 were found in possession of 426 million roubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars.

 

REvil Ransomware Gang - The Context

REvil, the ransomware operation run by the financially motivated cybercriminal group Gold Southfield, appeared in 2019 and spread like wildfire after extorting $11 million from the meat processor JBS. REvil recruited affiliates to carry out attacks on its behalf, offering them a percentage of the ransom pay-outs in return for breaking into targeted computers.

In July 2021, affiliates working under REvil exploited zero-day vulnerabilities in the MSP software developed by Kaseya. These vulnerabilities had not yet been patched and were therefore open to exploitation.

The group recruited other cybercriminals so that similar attacks could be repeated and disrupt other victims. Reporting on how these ransomware operations were run has shown that most such groups use a Ransomware-as-a-Service model, renting their tooling to affiliates (who often already have easy access to victims' systems, networks, and personal data). Colonial Pipeline, the well-known oil pipeline operator in the United States, was attacked by REvil as part of such a ransomware service.

 

REvil Making a Comeback

Cybersecurity researchers have analysed several samples of REvil ransomware. The samples all showed identical creation dates and string-handling features, along with several other shared characteristics, which indicates that the same person or team most likely built them. This strengthens the argument that the researchers have identified the original REvil developer, and leads to the conclusion that the self-exiled cybercriminal group known as REvil has returned.

 

REvil's Tor Sites Resumed

In April 2022, security researchers noticed that malware seen in previous attacks had resumed activity after a long period of silence. Two researchers who monitor the dark web recently disclosed a leak blog there that is used to publicise ransomware attacks, and it was attracting others to take part in this menacing trend. They also found that the attackers had taken it upon themselves to recruit more hackers.

Is REvil Back? - How Can You Fight?

REvil is well known as a particularly devastating ransomware, and its return means that businesses and individuals now need to be on high alert for possible attacks. It is not yet clear whether the returning REvil gang will be as effective as its predecessor. But the fact that it emerged so soon after the takedown operation suggests that this may be its intention, and best-practice ransomware protection and web security measures should therefore be applied routinely.

When it comes to defending your website from hackers and criminals, there are several measures you can adopt:

1. Use an automated web application scanner together with manual penetration testing.
2. Set up anti-malware and anti-virus programs to run regular security scans.
3. Implement security training programs: your end-users and employees should understand the ransomware threat and how such attacks are launched.
4. Apply the principle of least privilege to application users, so that each user can reach only the parts of the application their role requires; this stops a single compromised account from being used to carry out a wider breach.
5. Introduce cyber threat awareness initiatives.
6. Make sure your business blocks the download of executable files attached to incoming or outgoing emails.
7. Configure a Web Application Firewall (WAF) to block access from malicious IP addresses.
8. Install proper SSL/TLS certificates to protect against man-in-the-middle attacks, and use login mechanisms that verify the client's security token, which reduces the risk of data breaches.
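One way to implement item 6 (blocking executable attachments) is an inbound mail check that inspects both the declared file name and the file header, since renaming an .exe to look like a document is the usual way droppers get past a name-only filter. This is an added example, not code from the original article; the blocked-extension list and the sample message are constructed for illustration.

```python
"""Flag executable attachments in an email message before it reaches a user."""
import email
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Extensions commonly used to deliver ransomware droppers (constructed list, not exhaustive).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                      ".js", ".vbs", ".hta", ".msi", ".dll", ".ps1"}

# Magic bytes that identify a Windows PE executable regardless of its file name.
PE_MAGIC = b"MZ"


def attachment_verdicts(raw_message: bytes) -> List[Tuple[str, str]]:
    """Return (filename, reason) for every attachment that should be blocked.

    Catches double extensions such as invoice.pdf.exe via the name check, and
    catches a renamed executable (report.pdf with an MZ header) via the payload.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        if any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            verdicts.append((name, "blocked extension"))
        elif payload[:2] == PE_MAGIC:
            verdicts.append((name, "PE header (MZ) despite non-executable name"))
    return verdicts


def build_sample() -> bytes:
    """Construct a sample message with three attachments (constructed test data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf",
                       filename="invoice.pdf")                      # benign
    msg.add_attachment(b"MZ\x90\x00stub", maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")                  # double extension
    msg.add_attachment(b"MZ\x90\x00stub", maintype="application", subtype="pdf",
                       filename="report.pdf")                       # renamed executable
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in attachment_verdicts(build_sample()):
        print(f"BLOCK {filename}: {reason}")
```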
 

Conclusion

It would not be a surprise if the REvil ransomware group resumed attacks, since the original creator of its previous incarnation still exists. Even those who were caught are likely to try again in the future, which is especially alarming when you consider how well prepared these online criminals are. Having your customers' digital identities, servers, and data files compromised by ransomware could mean losing a lot of time and money, as these attacks get worse over time.

The importance of protecting your reputation, or avoiding damage to it, can also be beyond measure. Therefore, businesses must make sure that their brand, intellectual property, and personal or sensitive information are protected from the cybercriminals who carry out ransomware attacks daily.