REvil has once again “resurrected”



Cloud provider Akamai reports that one of its clients, a hotel company, was subjected to a DDoS attack. The otherwise ordinary-looking attack attracted attention because of a message demanding payment, in which the attackers called themselves REvil. Akamai specialists have been monitoring the DDoS attack since May 12.

“Attackers are trying to overload the client’s site by attacking with waves of HTTP/2 GET requests with methods of destroying the cache. The requests contain embedded payment requirements, bitcoin wallet address and hacker requirements,” the company said. The attackers demand not only a ransom from the victim but also a complete cessation of activity in the whole country, and state that the attack will continue until their monetary and political demands are met.
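A defender-side check for the traffic pattern described above, as an added example that is not from Akamai's report or this article: it flags paths hit by HTTP/2 GETs whose query strings are almost all unique (cache busting) and pulls out Bitcoin-address-like strings embedded in the requests. The log format, thresholds, function name and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Bech32 ("bc1...") and legacy Base58 ("1..."/"3...") address shapes.
BTC_RE = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")

FAKE_ADDR = "bc1q" + "x" * 38  # constructed placeholder, not a real wallet

# Constructed sample, assumed format: "<client> <protocol> <method> <url>".
SAMPLE_LOG = "\n".join(
    [f"198.51.100.{i} HTTP/2 GET /?r={i * 7919}&note=pay+{FAKE_ADDR}"
     for i in range(1, 7)]
    + [f"203.0.113.{i} HTTP/2 GET /static/app.css?v=3" for i in range(1, 7)]
    + ["203.0.113.9 HTTP/1.1 GET /rooms?city=paris",
       "203.0.113.9 HTTP/2 POST /book?id=1"]
)

def analyze(log_text, min_requests=5, min_unique_ratio=0.9):
    """Return cache-busted paths and wallet-like strings seen in HTTP/2 GETs."""
    total = defaultdict(int)    # requests per path
    queries = defaultdict(set)  # distinct query strings per path
    wallets = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        _client, proto, method, url = parts
        if proto != "HTTP/2" or method != "GET":
            continue  # the reported attack used HTTP/2 GET requests
        u = urlsplit(url)
        total[u.path] += 1
        queries[u.path].add(u.query)
        # Decode %XX and '+' so an address hidden by URL encoding still matches.
        wallets.update(BTC_RE.findall(unquote_plus(u.query)))
    # A cacheable path requested many times with (almost) never-repeating
    # query strings defeats the cache: every request reaches the origin.
    busted = sorted(
        path for path, n in total.items()
        if n >= min_requests and len(queries[path]) / n >= min_unique_ratio)
    return {"cache_busted_paths": busted, "embedded_wallets": wallets}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
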

Political demands are uncharacteristic of REvil. However, some experts believe that the current world situation could influence the behavior of ransomware groups that attack critical infrastructure in the West.

The Akamai report also does not confirm the “authenticity” of the group. For example, the Bitcoin wallet address used by the attackers has no obvious connection with the original REvil. Perhaps the cybercriminals simply used an age-old intimidation tactic to push the victim into paying the ransom as quickly as possible.

Cybersecurity researchers have noted that traces of REvil do appear in some attacks, but this is not direct evidence of the return of the original group to the cybercrime arena.
