The notorious ransomware gang "REvil" (aka Sodinokibi) has vanished from the Internet without any explanation. The disappearance of REvil occurred around the same time that its representatives were banned from Russian-speaking cybercriminal forums and a group of REvil’s, “Prometheus”, removed all mentions of REvil from its site. The disappearance also came shortly after REvil took responsibility for a large-scale supply-chain attack via the software supplier Kaseya, which allegedly resulted in one million systems being encrypted. It is likely that this attack may have resulted in pressure from law enforcement and possibly arrests of affiliates. It is also possible that REvil may have received a substantial profit from recent campaigns and deliberately shut down operations. Whatever the reason for the group’s disappearance, this event is likely to impact the ransomware threat landscape. REvil was one of the first groups to utilize “double extortion” techniques and set the path many other ransomware groups followed.
ShadowTalk hosts Sean, Alec, Rick, and Ivan bring you the latest in threat intelligence. They cover CISA gu...
Other content in this Stream
This Solutions Guide to learn how to protect your organizations social footprint with the top Social Media Monitoring use cases Digital Shadows has identified.
As the leader in threat intel and drp SearchLight is the most comprehensive and awarded solution available. Ready to learn a better way to tackle Threat Intelligence? Get started today!
ShadowTalk hosts Sean, Alec, Rick, and Ivan bring you the latest in threat intelligence. They cover CISA guidelines on frequently exploited vulnerabilities , Q2 Ransomware and PunkSpider.
In this report, Digital Shadows’ Photon Team analyzed a data set of more than 175,000 impersonating domains raised to our clients over four months of 2021.
This guide outlines what potential data sources, detection methods, context, and remediation actions to consider if you want to effectively monitor domains and mitigate the risk of data loss, exposed
This infographic details the two high level types of domain impersonation: typosquats and combosquats, and the 10 different strategies used by threat actors.
ShadowTalk hosts Sean, Ivan, and Charles bring you the latest in threat intelligence.
ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence.
US President Joe Biden recently signed an executive order (EO) aimed at strengthening network security for US federal government departments, and agencies and contractors working with them.
This guide shares years of operational best practices and expands on where dark web intelligence is useful and can be effectively leveraged into action for security teams.
ShadowTalk hosts Sean, Alec, Ivan, and Charles bring you the latest in threat intelligence.
A “Conti” ransomware attack on Ireland’s healthcare system, the Health Service Executive (HSE), significantly delayed the delivery of medical laboratory results and affected many outpatient services.
ShadowTalk hosts Stefano, Chris, Kim, and Xue bring you the latest in threat intelligence.
Colonial Pipeline Company fell victim to a cyber attack that resulted in 5,500 miles of its US fuel pipelines being shut down, causing public distress and fears of fuel shortages.
ShadowTalk hosts Alec, Ivan, Sean, and Digital Shadows CISO, Rick, bring you the latest in threat intelligence.
Security researchers discovered two unrelated cyber-threat campaigns targeting Microsoft SharePoint.
This guide outlines best practices for cyber threat intelligence and features resources to leverage when developing or improving your organization's cyber threat intelligence capabilities.