A recent DDoS attack by a group claiming to be associated with the REvil ransomware gang has raised questions about a possible resurgence of the REvil gang or a copycat group trying to use the “REvil” name.
When investigating a customer suffering from a DDoS attack, cybersecurity firm Akamai explained that the group behind the attack claimed to be associated with REvil. However, it was difficult to say whether the group is actually REvil or whether it is just another group trying to use the name.
“It’s hard to tell [whether it is REvil or a copycat], attribution is difficult, especially in DDoS. This campaign compared to previously reported campaigns do have different traits that would suggest it isn’t the same group that launched the previously documented REvil attacks, but it’s hard to tell if those were even truly REvil, to be honest,” said Chad Seaman, Security Intelligence Response Team Engineer at Akamai.
Akamai believed that the attack could be linked to REvil due to similar patterns to the Russian-hacking group, as “revil” was part of the URL in the demands directed at operations teams and executives of the affected company.
However, this is not enough, as the DDoS attack is a politically motivated attack that contradicts REvil’s previous notions of attacking companies solely for financial gain.
While their main identity remains unknown, organizations are advised to take the best security measures to protect themselves from cyberattacks.