Cyber criminals behind REvil ransomware are auctioning off stolen data to the highest bidder, hinting at changing tactics and possibly the economic impact of COVID-19 on cybersecurity.
The US authorities offered a $10 million reward for information to identify or locate REvil and DarkSide ransomware gang leaders, and $5 million for their affiliates preparing attacks.
The REvil ransomware gang, implicated in the high-profile attacks on JBS and Kaseya, seems to have very suddenly disappeared from the internet. The group has even closed up pages advertising its services on the dark web.
Trustwave analyzed dark web chatter on the underground hacking forums and discovered that cybercriminals were anxious after the Russian FSB arrested 14 REvil ransomware gang members.
The REvil ransomware gang has been a point of special focus for international law enforcement and has possibly been dealt a fatal blow, as Russian authorities have rounded up 14 members residing in the country.
REvil ransomware operators deposited $1 million in Bitcoin on a Russian-speaking hacker forum to recruit hackers to work as affiliates earning 70-80% commission.
Acer reportedly suffered a REvil ransomware attack. The threat actors posted some files as proof and demanded the highest recorded ransom payment of $50 million in Monero.
The REvil ransomware has become something of a cybersecurity household name, but it may be losing some business now that a disgruntled former client has leaked code demonstrating that the group can backdoor its own customers.
After the breach of Kaseya and thousands of clients downstream from it by REvil ransomware, the perpetrators disappeared abruptly, but Kaseya appears to have received a decryption key nearly three weeks into the attack.
A collaborative international law enforcement effort appears to have at least temporarily crippled the notorious REvil ransomware gang, taking the group's Tor sites and dark web infrastructure off the internet and putting it beyond reach.