
REvil ransomware reemergence confirmed

Months after being shut down in a global law enforcement operation, the REvil ransomware has been confirmed to have returned following the discovery of a new ransomware encryptor by Avast researcher Jakub Kroustek, BleepingComputer reports. Various security and malware experts noted new features in the source-code-based REvil sample used by the new operation, with security researcher R3MRUM observing that while the sample carried a revised version number, it was a continuation of the final version released before REvil was dismantled. "...[M]y assessment is that the threat actor has the source code. Not patched like "LV Ransomware" did," said R3MRUM. Compilation of the new REvil sample from source code was also confirmed by Advanced Intel CEO Vitali Kremez, who reverse-engineered the sample. Kremez found a new "accs" configuration field in the sample that holds the credentials of particular victims. Such a configuration option may be used to prevent encryption on devices that lack the named accounts and Windows domains. Modified SUB and PID options were also discovered in the sample.
