LV ransomware operators repurposed a REvil binary to launch a new RaaS
The LV ransomware operators repurposed a REvil binary to create their own strain and launch a ransomware-as-a-service (RaaS).
A threat actor known as the LV ransomware gang is trying to enter the cybercrime arena; it repurposed a REvil binary to create its own strain and launch a ransomware-as-a-service (RaaS).
Sodinokibi/REvil is one of the major ransomware operations in the threat landscape; it conducted many attacks against high-profile targets, including the meat processing giant JBS and US nuclear weapons contractor Sol Oriens.
REvil is a group operating out of Russia; the activity of the ransomware gangs was also discussed during the last G7 meeting.
G7 member states have called on Russia and other states to dismantle operations of ransomware gangs operating within their countries.
This week, experts from Secureworks, which tracks the REvil gang as GOLD SOUTHFIELD, discovered that another ransomware group, tracked by the security firm as GOLD NORTHFIELD, repurposed a REvil binary to launch its own RaaS.
The circumstance suggests multiple scenarios: REvil sold the source code to the LV ransomware gang, the LV ransomware gang stole the source code, or the two gangs simply shared the code as part of a new partnership.
via Security Affairs https://ift.tt/2ISWpiN
June 23, 2021 at 12:13PM