REvil Security Gang Back with Announcement of New Attacks

REvil, a notorious ransomware-as-a-service (RaaS) group that was responsible for high-profile attacks against companies like JBS Foods and Kaseya, is claiming responsibility for new attacks.

This might come as a surprise, as law enforcement agencies pushed REvil offline in October 2021, and Russia reportedly arrested 14 of the group’s members earlier this year.

The ransomware group announced new activity on its “happy blog”, including attacks against corporations and data leaks. One of the organizations listed as attacked is Oil India, which disclosed its security breach last week, when it was required to shut down its computer systems.

According to the blog, REvil has threatened to start publishing exfiltrated data – including contracts, client information, and messaging chats – unless Oil India continues ransom negotiations.

Most of the other victims that were listed relate to past REvil attacks.

Meanwhile, a “Join Us” page written in Russian explains how criminals can request to become an affiliate, offering benefits such as the “same proven (but improved) software” and an 80/20 split of the ransoms collected. Some might be reluctant to become an affiliate, however, as there is past evidence that REvil had no issue scamming its fellow cybercriminals.

So now the question is: are the attacks being carried out now the work of the same REvil group as before, or has a new RaaS group taken control of REvil’s old site and pointed it to its own pages?

Or perhaps the new site is gathering information about those interested in becoming affiliates, collecting intelligence for law enforcement?

For now, there are no clear answers. What is clear is that you and your organization should be doing whatever you can to protect yourselves from becoming a victim of a ransomware attack.

Story via Tripwire
