Changes in REvil ransomware version 2.2

By the Intel 471 Malware Intelligence team. Summary: The REvil ransomware-as-a-service (RaaS) operation continues to impact businesses worldwide. The threat actors responsible for developing and maintaining the malware have released an updated ransomware, namely version 2.2. In this short blog post, we will cover the significant changes from the previous version, which we covered in

Understanding the relationship between Emotet, Ryuk and TrickBot

By the Intel 471 Malware Intelligence team. One of the more notable relationships in the world of cybercrime is that between Emotet, Ryuk and TrickBot. This loader-ransomware-banker trifecta has wreaked havoc in the business world over the past two years, causing millions of dollars in damages and ransoms paid. Our Malware Intelligence team receives a

REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation

By the Intel 471 Malware Intelligence team. Summary: REvil, aka Sodinokibi or Sodin, is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil were first observed in April 2019, when attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725. REvil is highly configurable and allows operators to customize the way it behaves