The ransomware gang previously thought to be defunct appears not only to have reopened for business but to have re-established itself as a significant threat, touting close to 400GB of stolen data.
Usually when a ransomware gang shuts down, we tend to assume they are simply going dark to reinvent themselves as a new group. And when the gang is arrested and its assets seized, one assumes they are gone for good. In the case of REvil, however, it appears they are back for more… and, unfortunately, off to a maliciously strong start.
According to a recent Twitter post from vx-underground, REvil is claiming responsibility for an attack on Midea Group, a $50 billion electrical appliance manufacturer:
One of the screenshots captured by vx-underground shows a total of 373GB of data stolen from Midea Group, exposing the company to reputational damage, intellectual property theft, and more.
Historically, REvil has leveraged vulnerability exploitation, exposed RDP, and phishing as initial access vectors. It is therefore critical that organizations run vulnerability management scans and patch what they find, lock down (or eliminate entirely) RDP, and implement security awareness training to reduce the likelihood of phishing attacks succeeding. In practice, locking down RDP means keeping it off the internet, putting a VPN or gateway with multi-factor authentication in front of it, and alerting on bursts of failed remote-interactive logons, which are the usual precursor to a successful brute-force or credential-stuffing entry.
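The RDP brute-force alerting mentioned above, as an added illustration that is not part of the original post and not any vendor's detection content: it runs over a constructed export of Windows Security events (4625 failed logon, 4624 successful logon, logon type 10 meaning remote-interactive/RDP) and flags any source address that racks up a burst of RDP failures inside a sliding window, noting whether a successful RDP logon from the same address followed. The record layout, field names, threshold and window are assumptions for the example; real exports from Windows Event Forwarding or a SIEM will differ in shape but carry the same fields.

```python
"""Hypothetical RDP brute-force detector over Windows Security events.

Added example, not code from the original post or from any product.
Assumes events were exported one JSON object per line with the fields
shown below; the sample records are constructed, not real telemetry.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625      # An account failed to log on
SUCCESS_LOGON = 4624     # An account was successfully logged on
RDP_LOGON_TYPE = 10      # RemoteInteractive (RDP / Terminal Services)

# Constructed sample export (hypothetical IPs from documentation ranges):
#   203.0.113.45  - six RDP failures in ~11 seconds, then a success (should alert)
#   198.51.100.7  - two typos from a real user, then a success (should not alert)
#   192.0.2.10    - six RDP failures spread 30 minutes apart (should not alert)
SAMPLE_EVENTS = """\
{"TimeCreated":"2022-06-13T02:14:01Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.45","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T02:14:03Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.45","TargetUserName":"admin"}
{"TimeCreated":"2022-06-13T02:14:05Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.45","TargetUserName":"backup"}
{"TimeCreated":"2022-06-13T02:14:08Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.45","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T02:14:09Z","EventID":4625,"LogonType":3,"IpAddress":"203.0.113.45","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T02:14:10Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.45","TargetUserName":"svc_sql"}
{"TimeCreated":"2022-06-13T02:14:12Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.45","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T02:14:40Z","EventID":4624,"LogonType":10,"IpAddress":"203.0.113.45","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T09:00:00Z","EventID":4625,"LogonType":10,"IpAddress":"198.51.100.7","TargetUserName":"jsmith"}
{"TimeCreated":"2022-06-13T09:00:20Z","EventID":4625,"LogonType":10,"IpAddress":"198.51.100.7","TargetUserName":"jsmith"}
{"TimeCreated":"2022-06-13T09:00:45Z","EventID":4624,"LogonType":10,"IpAddress":"198.51.100.7","TargetUserName":"jsmith"}
{"TimeCreated":"2022-06-13T10:00:00Z","EventID":4625,"LogonType":10,"IpAddress":"192.0.2.10","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T10:30:00Z","EventID":4625,"LogonType":10,"IpAddress":"192.0.2.10","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T11:00:00Z","EventID":4625,"LogonType":10,"IpAddress":"192.0.2.10","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T11:30:00Z","EventID":4625,"LogonType":10,"IpAddress":"192.0.2.10","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T12:00:00Z","EventID":4625,"LogonType":10,"IpAddress":"192.0.2.10","TargetUserName":"administrator"}
{"TimeCreated":"2022-06-13T12:30:00Z","EventID":4625,"LogonType":10,"IpAddress":"192.0.2.10","TargetUserName":"administrator"}
"""


def parse_events(text):
    """Parse the line-delimited JSON export into dicts with a datetime 'ts' field."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold RDP (logon type 10) failures inside any
    sliding window. Non-RDP logon types are ignored so network/SMB noise does
    not pollute the RDP signal. Returns {ip: {...}} with the failure count,
    the peak burst size, the usernames tried, and whether an RDP success from
    the same IP followed the first failure (a likely successful break-in)."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue
        if ev["EventID"] == FAILED_LOGON:
            failures[ev["IpAddress"]].append(ev)
        elif ev["EventID"] == SUCCESS_LOGON:
            successes[ev["IpAddress"]].append(ev)

    alerts = {}
    for ip, fails in failures.items():
        # Two-pointer sliding window over the time-sorted failures.
        left, peak = 0, 0
        for right in range(len(fails)):
            while fails[right]["ts"] - fails[left]["ts"] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            first_fail = fails[0]["ts"]
            alerts[ip] = {
                "failures": len(fails),
                "peak_in_window": peak,
                "users": sorted({f["TargetUserName"] for f in fails}),
                "success_after": any(s["ts"] >= first_fail for s in successes.get(ip, [])),
            }
    return alerts


def run_sample():
    """Run the detector over the constructed export; returns the alert dict."""
    return detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for ip, info in run_sample().items():
        print(f"ALERT {ip}: {info}")
```

The `success_after` flag is what turns a noisy alert into an incident: a burst of failures followed by a successful remote-interactive logon from the same address is the moment to isolate the host and review what that session did, not just to block the IP.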