The Hacker News reports the emergence of new REvil ransomware samples, indicating that the ransomware operation has returned after being inactive for six months.
Secureworks Counter Threat Unit researchers examined the REvil ransomware samples and discovered that they have been developed by someone with access to REvil source code.
"The identification of multiple samples with varying modifications in such a short period of time and the lack of an official new version indicates that REvil is under heavy active development once again," said researchers.
The report showed that the new REvil samples dated March 11 were found to have updated configuration storage location, string decryption logic, and hard-coded public keys, as well as modified Tor domains in the ransom note.
Russia's ongoing conflict with Ukraine may have prompted the revival of the REvil ransomware operation, which also gives credence to the rebranding of ransomware actors shortly after they have disbanded.