REvil Now Making Calls to Business Partners

The REvil ransomware group often introduces new tactics to benefit itself and its affiliates. This time it has adopted a new tactic that its affiliates can use to exert even more pressure on victims.

What’s new this time?

REvil operators are now using DDoS attacks and making VoIP calls to victims’ business partners and journalists.
  • This active campaign includes a free service in which the group or its affiliated partners place voice-scrambled VoIP calls to the media and to victims’ business partners, sharing information about the attack to create additional pressure.
  • Moreover, the gang is providing a paid service that allows affiliates to perform Layer 3 and Layer 7 DDoS attacks against the victims.

Behind the scenes

In February, REvil operators posted a job notice seeking to recruit people to perform DDoS attacks and to use VoIP calls to contact victims and their associated partners.

Related activities

Ransomware gangs have been observed using DDoS attacks in the past as well.

  • In January, the Avaddon ransomware gang was observed using DDoS attacks to take down a victim’s network and force the victim into paying the ransom.
  • The active use of DDoS attacks was first spotted in October 2020 by SunCrypt and Ragnar Locker ransomware operations.

Recent REvil activities

Conclusion

It is safe to say that REvil will keep updating its tactics to maximize its profit. The use of DDoS attacks and VoIP calls by ransomware gangs creates extra pressure on victims, and it is inspiring several other gangs to adopt these tactics as well.
