Potential REvil ransomware revival examined

Akamai researchers disclosed that one of the company's clients in the hospitality sector has been impacted by a distributed denial-of-service attack launched by threat actors purporting to be related to the REvil ransomware gang, which was believed to have been dismantled following the arrest of several of its members in January, reports TechRepublic. Attackers launched a coordinated attack involving the use of several HTTP/2 GET requests against the Akamai customer, which prompted site traffic to reach up to 15kRps. Akamai's Security Intelligence Response Team was notified about the intrusion on May 12, with researchers noting that the tactics leveraged in the attack aligned with techniques previously used by REvil. However, determining whether the campaign is the work of REvil or a mere copycat has been challenging, according to Akamai SIRT Engineer Chad Seaman. "This campaign compared to previously reported campaigns does have different traits that would suggest it isn't the same group that launched the previously documented REvil attacks, but it's hard to tell if those were even truly REvil to be honest," Seaman said.
