Eric Milam, BlackBerry comments: REvil Ransomware

September 2021 by Eric Milam, VP of Research and Intelligence at BlackBerry

Since the beginning of the pandemic crisis, ransomware attacks have been constantly increasing, and some criminal groups have become famous for their spectacular attacks. One of them seems to be reappearing after a period of absence: REvil. This ransomware group has returned to the Dark Web after disappearing last July under pressure. The U.S. government had called on Russia to act against ransomware groups operating in the country, yet here they are again.

« REvil’s disappearance wasn’t surprising – and neither is their reemergence. When the spotlight is on a criminal group, they may choose to step away for a while. They often use this time to make a "better product" and come back later. This is not unlike companies that start to get a bad reputation; they tend to rebrand themselves and come back as something "different", even if it’s just their name.

Since REvil has returned, our team is focusing on the hard evidence. Most attackers won’t change their core techniques, but in this case, REvil has great motivation to try something new. BlackBerry Research & Intelligence recently found that threat actors are creating new exotic languages to avoid detection and hinder analysis or even address pain points in their development process. The research community should stay aware of the possibility that this trend will continue as ransomware gangs change their typical attack method to maintain a competitive advantage over other groups. »