Though the REvil ransomware-as-a-service operation appeared to evaporate last October, analysts have found that the group's influence remains considerable.
Notably, threat researchers from Unit 42 reported finding connections between REvil's activity and that of the ransomware group Ransom Cartel, an up-and-coming cybercrime group claiming to offer “the identical, but improved software program” as REvil.
Following analysis, the Unit 42 team determined that Ransom Cartel was somehow able to gain access to REvil ransomware source code. Ransom Cartel also mimics REvil tactics, including double extortion, Unit 42 added. However, the researchers said there are some aspects of the REvil operation that Ransom Cartel appears to lack.
“Based on the fact that the Ransom Cartel operators clearly have access to the original REvil ransomware source code, but probably don’t possess the obfuscation engine used to encrypt strings and conceal API calls,” the Unit 42 ransomware report explained, “we speculate that the operators of Ransom Cartel had a relationship with the REvil group at one point, before starting their own operation.”