The previously-thought defunct cybercriminal gang appears to not only reopened for business but has re-established themselves as a major threat by touting 400GBs of stolen data.
Normally when a ransomware gang shuts down, we tend to assume they’re just going dark to reinvent themselves as a new group. And when the gang is arrested and their assets confiscated, one assumes they’re gone for good. But in the case of REvil, it appears that they are back for more… and are, unfortunately, off to a maliciously good start.
According to a recent twitter post from vx-underground, REvil is claiming responsibility for an attack of Midea Group, a $50 billion electrical manufacturer:
One of the screenshots captured by vx-underground shows a total of 373GBs of data stolen from Midea Group, putting this organization at risk of reputation damage, intellectual property theft, and more.
Historically, REvil has leveraged vulnerabilities, RDP, and phishing as initial attack vectors, making it imperative that organizations perform vulnerability management scans, lock down (or eliminate entirely) RDP, and implement security awareness training to reduce the risk of phishing attacks being successful.