The ransomware group known as REvil or Sodinokibi has adopted two new strategies to guarantee success in extorting ransom money from its victims: conducting DDoS attacks and placing voice calls to victims and their business partners, according to Bleeping Computer. In February, the group announced a recruitment drive for hackers with knowledge of these procedures, which include Layer 3 and Layer 7 DDoS attacks and voice-scrambled VoIP calls to journalists and victims’ partners, with the intent of putting more pressure on victims to pay the ransom. The operation officially announced plans to use these tactics last week. REvil is providing the voice calls as a free service to affiliates and the DDoS attacks as a paid service. REvil’s ransomware-as-a-service attacks typically earn the group 20-30% of the ransom money, while the remaining 70-80% goes to affiliates. Several other ransomware operations, including SunCrypt and Ragnar Locker, have started to conduct DDoS attacks against victims as part of their operations, as did the ransomware group Avaddon in January.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.