Latest coverage for REvil

Also, Medusa Ransomware, Grafana Flaw, German Political Party BreachThis week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party.

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]

Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of two of the key figures associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation

An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.

REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian government was instrumental to the attack's execution.

Russian judge lets off accused with time served – but others who refused to plead guilty face years in penal colony Four convicted members of the once-supreme ransomware operation REvil are leaving captivity after completing most of their five-year sentences.…

Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. [...]

Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil)

Also: Breaches at OnePoint Patient Care and French ISP FreeThis week: S&P said poor material vulnerability remediaton can be a material risk factor, OnePoint in the United States and French ISP Free suffered data breaches, a Russian court sentenced REvil members, Five Eyes published security guidelines for small businesses.

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges

Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. [...]

Charges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering.

Also: Another Ivanti Zero-Day? And FBI Calls for Strengthening DMARC PoliciesThis week, REvil hacker sentenced; ZDI saw possible Ivanti-zero-day; FBI said to strengthen DMARC policies; Okta saw surge in credential stuffing attacks; French hospital refused to pay ransom; JPMorgan, debt collection agency and healthcare company were breached; and ex-NSA employee was sentenced.

Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. [...]

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims

A US court has sentenced a Ukrainian national to 13 years and seven months in prison for his role in over 2500 ransomware attacks using the REvil strain

After extorting $700 million from thousands of victims A Ukrainian man has been sentenced to almost 14 years in prison and ordered to pay more than $16 million in restitution for his role in infecting thousands of victims with REvil ransomware.…

3 Suspects Charged With Using Sugar Ransomware, Phishing Attacks Against RussiansRussian authorities have reportedly arrested three accused members of the SugarLocker ransomware-as-a-service operation. Their alleged crime? Targeting Russians, although one suspect has also been tied to a massive hack of Australian health insurer Medibank and subsequent data leak.

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank