A veteran ransomware threat researcher has warned against taking talk of the Windows REvil ransomware group disappearing for a second time seriously, as the forums where these posts are made are closely monitored.

Brett Callow, who works with New Zealand security company Emsisoft, told iTWire: “Everyone knows that the forums are being monitored, and that includes the criminals. The information they publish is likely complete bullshit designed to mislead anyone trying to figure out what they’re up to. Law enforcement, for example.”

The website Bleeping Computer, which is something of a specialist operation when it comes to ransomware, said the shutdown came after someone hijacked the group’s Tor payment portal and its data leak blog on the dark web.

Reporter Lawrence Abrams said a person named Dmitry Smilyanets, who works for the threat intelligence company Recorded Future and also writes for The Record, a website owned by the company, had found a thread claiming to give the cause of REvil’s disappearance. The CIA’s investment arm, In-Q-Tel, is an investor in Recorded Future.

In a report in The Record itself, reporter Catalin Cimpanu quoted Smilyanets without giving any indication of the relationship between Recorded Future and The Record.

REvil went offline for the first time in July after the ransomware was used to attack approximately 60 managed service providers using a zero-day bug in the Kaseya VSA remote management software. Kaseya develops solutions for MSPs.

About two months later, REvil came back online. There has been speculation that REvil’s dark web operations disappeared in July due to a technical issue. When the site was back online, it was assumed that the operators had just been on their guard.

The pressure on ransomware gangs increased after an attack on the US Colonial Pipeline in May by the DarkSide ransomware gang.

That pressure was further increased after the Kaseya incident, when US President Joe Biden raised the issue during talks with his Russian counterpart, Vladimir Putin.

The US recently convened an online meeting of about 31 countries to discuss steps to prevent ransomware attacks, but for unknown reasons neither Russia nor China was invited.

Many ransomware gangs are based in Russia but appear to operate freely provided they do not attack websites within the country.

Callow said he had no idea what had happened to take the REvil site offline again. “They could have been knocked out in a law enforcement attempt, or Team REvil could be attempting to disappear in order to defraud their criminal partners, or it could be something else entirely,” he said.

“What I do know, however, is that comments on forums from people posing as members of cyber crime operations should be viewed with the utmost skepticism.”

REvil has been one of the most prolific ransomware groups since this genre of malware became the main network security problem for businesses using Windows.
