REvil continues to expand worldwide

Kaspersky_news


In July, the ransomware group REvil, aka Sodinokibi, attacked managed service providers (MSPs) and their customers around the world in a major cyberattack, making thousands of companies potential victims of ransomware. Kaspersky researchers have already observed over 5,000 infection attempts in Europe, North and South America.

With its own Threat Intelligence Service, Kaspersky was able to identify more than 5,000 attempted attacks by the Ransomware-as-a-Service (RaaS) operator REvil in 22 countries. Most of the attack attempts were made in the following five countries:

  • Italy (45.2 percent)
  • USA (25.9 percent)
  • Colombia (14.8 percent)
  • Germany (3.2 percent)
  • Mexico (2.2 percent)

Vladimir Kuskov, Head of Threat Exploration at Kaspersky, comments on the attack as follows:

Other REvil aka Sodinokibi attacks registered worldwide (Image: Kaspersky).

“After the attacks, including on Colonial Pipeline and JBS, ransomware groups and their partners continue to increase their efforts with regard to high-profile attacks. This time around, REvil operators carried out a massive attack on MSPs with thousands of managed companies around the world, infecting them as well. This attack shows once again how important it is for companies to implement suitable cybersecurity measures and solutions at all levels - including suppliers and partners.”

Kaspersky products detect and protect against this threat with the following names:

  • UDS:DangerousObject.Multi.Generic
  • Trojan-Ransom.Win32.Gen.gen
  • Trojan-Ransom.Win32.Sodin.gen
  • Trojan-Ransom.Win32.Convagent.gen
  • PDM:Trojan.Win32.Generic (with behavior detection)

 

More at Kaspersky.com

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
