The REvil ransomware is known for evolving and introducing new tactics to benefit itself and its affiliates. This time it has adopted a new tactic that its affiliates can use to exert even more pressure on victims.
The Update –
DDoS attacks are now being utilized by the ransomware while VOIP calls are also being made to the victims’ business partners and journalists.
- A free service is included in this active campaign where the group or affiliated partners will perform voice-scrambled VOIP calls to the media and victim’s business partners with information about the attack to create additional pressure.
- Moreover, the ransomware gang is also providing a paid service that their affiliates can utilize to perform Layer 3 and Layer 7 DDoS attacks against the victims.
Last month, a job vacancy was posted by the operators of REvil Ransomware in which they were looking to recruit people to perform DDoS attacks and use VOIP calls to contact victims and their associated partners.
Ransomware gangs have been observed using DDoS attacks in the past.
- In January, the Avaddon ransomware gang used a DDoS attack to take down a victim’s network in order to force victims into paying the ransom.
- Active use of the tactic was first spotted in October 2020, when the Suncrypt and Ragnar Locker ransomware operations used DDoS attacks.
Recent Activity in the REvil Timeline –
- The Trigano Group and Southern Arkansas University were targeted last month.
- In January, $30 million was demanded from the Dairy Farm Group after a successful attack was executed.
It’s a safe assumption that the operators of the REvil ransomware will continue in the same vein and update their tactics to maximize their profits. Their current tactics put extra pressure on victims and could also inspire other ransomware gangs to follow suit.