Months after being shut down in a global law enforcement operation, the REvil ransomware has been confirmed to have returned following the discovery of a new ransomware encryptor by Avast researcher Jakub Kroustek, BleepingComputer reports.
Various security and malware experts noted new features in the new operation's REvil sample, which was compiled from the original source code. Security researcher R3MRUM observed that while the sample carries a revised version number, it is a continuation of the final version released before REvil was dismantled.
"...[M]y assessment is that the threat actor has the source code. Not patched like 'LV Ransomware' did," said R3MRUM.
Compilation of the new REvil sample from source code was also confirmed by Advanced Intel CEO Vitali Kremez, who reverse-engineered the sample.
Kremez found in the new sample a new "accs" configuration field that lists credentials belonging to specific victims. This option may be used to prevent encryption on devices that do not have the named accounts and Windows domains. Modified SUB and PID options were also found in the sample.
This week in the Security News: When you just wanna hurl, malicious containers, FCC bans stuff, these are not the CVEs you're looking for, Linux password mining, mind the gap, hacking smart watches, & more!
Novel DuckLogs malware-as-a-service detailed
More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer.