REvil Russian Ransomware Gang is Back Online

The Russian Ransomware Gang REvil, also known as Sodinokibi, has resurfaced recently


After a two-month pause that followed the widely publicized attack on Kaseya over the July 4 weekend, the REvil ransomware-as-a-service (RaaS) operation has unexpectedly resurfaced, according to The Hacker News.

Both the Happy Blog data-leak site (where the gang names victims and publishes stolen data) and its payment/negotiation portal (used to handle ransom payments) are online again. The last victim had been listed on July 8, just five days before the sites went dark on July 13.

According to Brett Callow, a threat analyst at Emsisoft, the Happy Blog is back up.

A month after the massive ransomware attack on the IT management firm Kaseya, a supply-chain compromise that led to the encryption of systems at more than 1,500 downstream organizations worldwide, Kaseya announced a major update to its VSA remote management software.

A few weeks earlier, REvil had also attacked JBS, the world's largest meat producer, which paid an $11 million ransom to free itself from the extortionists.

The gang took its dark web infrastructure offline after these attacks, as public and law-enforcement scrutiny intensified amid the global surge in ransomware. The shutdown prompted speculation that the group was pausing operations in order to rebrand under a new name and draw less attention.

REvil, also known as Sodinokibi, was among the most frequently detected ransomware variants in the first quarter of 2021, according to Emsisoft data.