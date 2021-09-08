

REvil Ransomware Group is Back as "Happy Blog" Returns

An infamous ransomware group that appeared to shutter its operations following a major supply chain attack on IT software provider Kaseya seems to be back in business.

The REvil/Sodinokibi variant has been used by countless affiliates to extort money from companies as diverse as now-defunct Travelex, Jack Daniels-maker Brown-Forman and meat processing giant JBS.

Last year, the group claimed to have amassed a fortune of $100m through its efforts.

However, widespread condemnation following the July Kaseya attack, which impacted thousands of downstream customers, including schools, appeared to have forced the group offline. The attack itself garnered attention from the very top level of the US government, with President Biden ordering his intelligence agencies to investigate.

Some speculated that the group was simply lying low and would likely return with different branding.

However, that doesn’t appear to be the case, with the group’s “Happy Blog” site now back up and running, according to Recorded Future. The site is where it publishes data exfiltrated from its victims in order to force them to pay up.

“At the time of writing, the website is still listing the same victims it listed at the time of its shutdown on July 13,” the threat intelligence firm claimed.

“In addition, REvil’s ‘payment portal,’ where victims are told to go and negotiate with the REvil gang, has also been restored at the same old dark web .onion URL.”

Some speculated back in July that REvil threat actors, thought to be located within Russia, had been told to tone down their activity by the Kremlin after high-level geopolitical meetings with Washington.

The White House has issued repeated statements warning that it reserves the right to go after cyber-criminals wherever they’re located if governments purportedly harboring them refuse to take action. 
