Ransomfeed

Profile, status and statistics (since 12-01-2020)

Cyber gang details

Gang profile from OSINT sources: [source: 0]

The Sodinokibi ransomware group, also known as REvil (Ransomware Evil), operates under a ransomware-as-a-service (RaaS) model. After compromising its victims, the group threatens to publish the victim's sensitive data on its darknet blog, named 'Happy Blog', unless the ransom is paid. The ransomware code used by REvil is very similar to the ransomware code used by DarkSide, a different threat actor. The REvil group claimed to have stolen information, including confidential schematics of upcoming products, after a successful attack on a supplier of the tech giant Apple.

Alerts:


Statistics

No. of claims   2024   2023   2022
13              0      0      13
URLs
Onion source   Last title   Status   Last scrape   Tor version
dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion 404 Not Found 🔴 19-08-2022 3
aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion 404 Not Found 🔴 19-08-2022 3
blogxxu75w63ujqarv476otld7cyjkq4yoswzt4ijadkjwvg3vrvd5yd.onion Blog 🔴 06-01-2023 3
Useful material

Search URLs for source: 0
http://www.fsb.ru/fsb/press/message/single.htm%21id%3D10439388%40fsbMessage.html
http://www.secureworks.com/research/threat-profiles/gold-southfield
https://analyst1.com/file-assets/History-of-REvil.pdf
https://areteir.com/wp-content/uploads/2020/07/Arete_Insight_Sodino-Ransomware_June-2020.pdf
https://asec.ahnlab.com/ko/19640/
https://asec.ahnlab.com/ko/19860/
https://awakesecurity.com/blog/threat-hunting-for-revil-ransomware/
https://blag.nullteilerfrei.de/2019/11/09/api-hashing-why-and-how/
https://blag.nullteilerfrei.de/2020/02/02/defeating-sodinokibi-revil-string-obfuscation-in-ghidra/
https://blog.amossys.fr/sodinokibi-malware-analysis.html
https://blog.gigamon.com/2021/07/08/observations-and-recommendations-from-the-ongoing-revil-kaseya-incident/
https://blog.group-ib.com/REvil_RaaS
https://blog.intel471.com/2020/03/31/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/
https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/
https://blog.morphisec.com/real-time-prevention-of-the-kaseya-vsa-supply-chain-revil-ransomware-attack
https://blog.redteam.pl/2020/05/sodinokibi-revil-ransomware.html
https://blog.sensecy.com/2020/08/20/global-ransomware-attacks-in-2020-the-top-4-vulnerabilities/
https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
https://blog.talosintelligence.com/2021/03/ctir-trends-winter-2020-21.html
https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/
https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit
https://blogs.blackberry.com/en/2021/05/threat-thursday-dr-revil-ransomware-strikes-again-employs-double-extortion-tactics
https://blogs.blackberry.com/en/2021/11/revil-under-the-microscope
https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus
https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf
https://cocomelonc.github.io/malware/2023/02/02/malware-analysis-7.html
https://community.riskiq.com/article/3315064b
https://cti-league.com/wp-content/uploads/2021/02/CTI-League-Darknet-Report-2021.pdf
https://cybersecurity.att.com/blogs/labs-research/revils-new-linux-version
https://cybleinc.com/2021/07/03/uncensored-interview-with-revil-sodinokibi-ransomware-operators/
https://diicot.ro/mass-media/3341-comunicat-de-presa-2-08-11-2021
https://dissectingmalwa.re/germanwipers-big-brother-gandgrabs-kid-sodinokibi.html
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://documents.trendmicro.com/assets/rpt/rpt-navigating-new-frontiers-trend-micro-2021-annual-cybersecurity-report.pdf
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf
https://drive.google.com/file/d/1ph1E0onZ7TiNyG87k4WjofCKNuCafMLk/view
https://f.hubspotusercontent10.net/hubfs/5943619/Whitepaper-Downloads/Ransomware_in_ICS_Environments_Whitepaper_10_12_20.pdf
https://f.hubspotusercontent10.net/hubfs/7095517/FLINT-Kaseya-Another%20Massive%20Heist%20by%20REvil.pdf
https://gist.githubusercontent.com/fwosar/a63e1249bfccb8395b961d3d780c0354/raw/312b2bbc566cbee2dac7b143dc143c1913ddb729/revil.json
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://hatching.io/blog/ransomware-part2
https://home.treasury.gov/news/press-releases/jy0471
https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations-wp.pdf
https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations.pdf
https://ibm.ent.box.com/s/hs5pcayhbbhjvj8di5sqdpbbd88tsh89
https://ics-cert.kaspersky.com/media/KASPERSKY_H1_2020_ICS_REPORT_EN.pdf
https://intel471.com/blog/changes-in-revil-ransomware-version-2-2
https://isc.sans.edu/diary/27012
https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_1_tamada-yamazaki-nakatsuru_en.pdf
https://kaseya.app.box.com/s/0ysvgss7w48nxh8k1xt7fqhbcjxhas40
https://ke-la.com/darknet-threat-actors-are-not-playing-games-with-the-gaming-industry/
https://ke-la.com/easy-way-in-5-ransomware-victims-had-their-pulse-secure-vpn-credentials-leaked/
https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/
https://ke-la.com/ransomware-gangs-are-starting-to-look-like-oceans-11/
https://ke-la.com/to-attack-or-not-to-attack-targeting-the-healthcare-sector-in-the-underground-ecosystem/
https://ke-la.com/will-the-revils-story-finally-be-over/
https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/
https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/
https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/
https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/
https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023
https://medium.com/@underthebreach/tracking-down-revils-lalartu-by-utilizing-multiple-osint-methods-2bf3a6c65a80
https://medium.com/s2wlab/deep-analysis-of-revil-ransomware-written-in-korean-d1899c0e9317
https://medium.com/s2wlab/w4-may-en-story-of-the-week-ransomware-on-the-darkweb-5f5b8d4c3b6f
https://news.sophos.com/en-us/2021/06/11/relentless-revil-revealed/
https://news.sophos.com/en-us/2021/06/30/mtr-in-real-time-hand-to-hand-combat-with-revil-ransomware-chasing-a-2-5-million-pay-day/
https://news.sophos.com/en-us/2021/06/30/what-to-expect-when-youve-been-hit-with-revil-ransomware/
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
https://public.intel471.com/blog/revil-ransomware-interview-russian-osint-100-million/
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE54L7v
https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2022-05-01-revil-reborn-ransom.vk.cfg.txt
https://redcanary.com/blog/uncompromised-kaseya/
https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/
https://research.checkpoint.com/2023/following-the-scent-of-trickgate-6-year-old-packer-used-to-deploy-the-most-wanted-malware/
https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf
https://russian.rt.com/russia/article/926347-barnaulec-rozysk-fbr-kibermoshennichestvo
https://searchsecurity.techtarget.com/feature/Ransomware-negotiations-An-inside-look-at-the-process
https://securelist.com/ransomware-world-in-2021/102169/
https://securelist.com/revil-ransomware-attack-on-msp-companies/103075/
https://securelist.com/sodin-ransomware/91473/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/
https://securityaffairs.co/wordpress/98694/malware/sodinokibi-kenneth-cole-data-breach.html
https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/
https://securityintelligence.com/posts/sodinokibi-revil-ransomware-disrupt-trade-secrets/
https://securityscorecard.com/research/a-detailed-analysis-of-the-last-version-of-revil-ransomware
https://sites.temple.edu/care/ci-rw-attacks/
https://storage.courtlistener.com/recap/gov.uscourts.txnd.351760/gov.uscourts.txnd.351760.1.0_3.pdf
https://storage.courtlistener.com/recap/gov.uscourts.txnd.352371/gov.uscourts.txnd.352371.1.0_1.pdf
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/kaseya-ransomware-supply-chain
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://teamt5.org/en/posts/introducing-the-most-profitable-ransomware-revil/
https://teamt5.org/tw/posts/revil-dll-sideloading-technique-used-by-other-hackers/
https://tehtris.com/fr/peut-on-neutraliser-un-ransomware-lance-en-tant-que-system-sur-des-milliers-de-machines-en-meme-temps/
https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
https://thehackernews.com/2022/03/ukrainian-hacker-linked-to-revil.html
https://therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil/
https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/
https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/
https://therecord.media/i-scrounged-through-the-trash-heaps-now-im-a-millionaire-an-interview-with-revils-unknown/
https://therecord.media/ransomwhere-project-wants-to-create-a-database-of-past-ransomware-payments/
https://therecord.media/revil-ransomware-executes-supply-chain-attack-via-malicious-kaseya-update/
https://therecord.media/us-arrests-and-charges-ukrainian-man-for-kaseya-ransomware-attack/
https://threatintel.blog/OPBlueRaven-Part1/
https://threatpost.com/ransomware-revil-sites-disappears/167745/
https://twitter.com/AdamTheAnalyst/status/1409499591452639242?s=20
https://twitter.com/Jacob_Pimental/status/1391055792774729728
https://twitter.com/Jacob_Pimental/status/1398356030489251842?s=20
https://twitter.com/LloydLabs/status/1411098844209819648
https://twitter.com/R3MRUM/status/1412064882623713283
https://twitter.com/SophosLabs/status/1412056467201462276
https://twitter.com/SophosLabs/status/1413616952313004040?s=20
https://twitter.com/SyscallE/status/1411074271875670022
https://twitter.com/VK_Intel/status/1374571480370061312?s=20
https://twitter.com/VK_Intel/status/1411066870350942213
https://twitter.com/_alex_il_/status/1412403420217159694
https://twitter.com/fwosar/status/1411281334870368260
https://twitter.com/fwosar/status/1420119812815138824
https://twitter.com/resecurity_com/status/1412662343796813827
https://twitter.com/svch0st/status/1411537562380816384
https://unit42.paloaltonetworks.com/prometheus-ransomware/
https://unit42.paloaltonetworks.com/revil-threat-actors/
https://unit42.paloaltonetworks.com/threat-brief-kaseya-vsa-ransomware-attacks/
https://us-cert.cisa.gov/ncas/alerts/aa20-345a
https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
https://velzart.nl/blog/ransomeware/
https://vimeo.com/449849549
https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/
https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf
https://www.accenture.com/us-en/blogs/cyber-defense/evolving-danger-ransomware-extortion
https://www.accenture.com/us-en/blogs/cyber-defense/moving-left-ransomware-boom
https://www.acronis.com/en-sg/articles/sodinokibi-ransomware/
https://www.advanced-intel.com/post/adversarial-perspective-advintel-breach-avoidance-through-monitoring-initial-vulnerabilities
https://www.advanced-intel.com/post/from-qbot-with-revil-ransomware-initial-attack-exposure-of-jbs
https://www.advanced-intel.com/post/inside-revil-extortionist-machine-predictive-insights
https://www.advanced-intel.com/post/revil-vanishes-from-underground-infrastructure-down-support-staff-adverts-silent
https://www.advanced-intel.com/post/the-dark-web-of-intrigue-how-revil-used-the-underground-ecosystem-to-form-an-extortion-cartel
https://www.advintel.io/post/storm-in-safe-haven-takeaways-from-russian-authorities-takedown-of-revil
https://www.appgate.com/blog/electric-company-ransomware-attack-calls-for-14-million-in-ransom
https://www.bankinfosecurity.com/interviews/ransomware-files-episode-6-kaseya-revil-i-5045
https://www.bbc.com/news/technology-59297187
https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/wp-spark-state-of-ransomware.pdf
https://www.bleepingcomputer.com/news/security/a-look-inside-the-highly-profitable-sodinokibi-ransomware-business/
https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-gang-rises-from-the-ashes-of-darkside-revil/
https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/
https://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/
https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/
https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/
https://www.bleepingcomputer.com/news/security/new-jersey-synagogue-suffers-sodinokibi-ransomware-attack/
https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/
https://www.bleepingcomputer.com/news/security/ransomware-threatens-to-reveal-companys-dirty-secrets/
https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/
https://www.bleepingcomputer.com/news/security/revil-ransomware-devs-added-a-backdoor-to-cheat-affiliates/
https://www.bleepingcomputer.com/news/security/revil-ransomware-gang-claims-over-100-million-profit-in-a-year/
https://www.bleepingcomputer.com/news/security/revil-ransomware-gangs-web-sites-mysteriously-shut-down/
https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/
https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-1-000-plus-companies-in-msp-supply-chain-attack/
https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-managedcom-hosting-provider-500k-ransom/
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
https://www.bleepingcomputer.com/news/security/revil-ransomware-shuts-down-again-after-tor-sites-were-hijacked/
https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/
https://www.bleepingcomputer.com/news/security/revils-tor-sites-come-alive-to-redirect-to-new-ransomware-operation/
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-new-york-airport-systems/
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-travelex-demands-3-million/
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-publishes-stolen-data-for-the-first-time/
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-says-travelex-will-pay-one-way-or-another/
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/
https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/
https://www.boll.ch/datasheets/WG_Threat_Report_EN.pdf
https://www.br.de/nachrichten/deutschland-welt/mutmasslicher-ransomware-millionaer-identifiziert,Sn3iHgJ
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2020.pdf?__blob=publicationFile&v=2
https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-009/
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-009.pdf
https://www.certego.net/en/news/malware-tales-sodinokibi/
https://www.cnbc.com/2021/04/23/axis-of-revil-inside-the-hacker-collective-taunting-apple.html
https://www.connectwise.com/resources/revil-profile
https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound
https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware
https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/
https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/
https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/?utm_campaign=blog&utm_medium=soc&utm_source=twtr&utm_content=sprout
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/
https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/
https://www.crowdstrike.com/blog/how-crowdstrike-stops-revil-ransomware-from-kaseya-attack/
https://www.crowdstrike.com/blog/how-falcon-complete-thwarted-a-revil-ransomware-attack/
https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/
https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/
https://www.cybereason.com/blog/cybereason-vs-revil-ransomware-the-kaseya-chronicles
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.cyjax.com/2021/07/09/revilevolution/
https://www.darkowl.com/blog-content/page-not-found-revil-darknet-services-offline-after-attack-last-weekend
https://www.darktrace.com/en/blog/staying-ahead-of-r-evils-ransomware-as-a-service-business-model/
https://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/
https://www.digitalshadows.com/blog-and-research/competitions-on-russian-language-cybercriminal-forums-sharing-expertise-or-threat-actor-showboating/
https://www.digitalshadows.com/blog-and-research/ransomware-as-a-service-rogue-affiliates-and-whats-next/
https://www.digitalshadows.com/blog-and-research/revil-analysis-of-competing-hypotheses/
https://www.documentcloud.org/documents/21505031-hgsac-staff-report-americas-data-held-hostage-032422
https://www.domaintools.com/resources/blog/revealing-revil-ransomware-with-domaintools-and-maltego
https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide
https://www.elastic.co/blog/elastic-security-prevents-100-percent-of-revil-ransomware-samples?utm_content=&utm_medium=social&utm_source=twitter
https://www.elastic.co/blog/ransomware-interrupted-sodinokibi-and-the-supply-chain
https://www.elliptic.co/blog/revil-revealed-tracking-ransomware-negotiation-and-payment
https://www.europol.europa.eu/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged
https://www.fbi.gov/wanted/cyber/yevgyeniy-igoryevich-polyanin
https://www.fincen.gov/sites/default/files/advisory/2021-11-08/FinCEN%20Ransomware%20Advisory_FINAL_508_.pdf
https://www.flashpoint-intel.com/blog/chatter-indicates-blackmatter-as-revil-successor/
https://www.flashpoint-intel.com/blog/cl0p-and-revil-escalate-their-ransomware-tactics/
https://www.flashpoint-intel.com/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/
https://www.flashpoint-intel.com/blog/interview-with-revil-affiliated-ransomware-contractor/
https://www.flashpoint-intel.com/blog/possible-universal-revil-master-key-posted-to-xss/
https://www.flashpoint-intel.com/blog/revil-disappears-again/
https://www.flashpoint-intel.com/blog/revils-cryptobackdoor-con-ransomware-groups-tactics-roil-affiliates-sparking-a-fallout/
https://www.goggleheadedhacker.com/blog/post/reversing-crypto-functions
https://www.goggleheadedhacker.com/blog/post/sodinokibi-ransomware-analysis
https://www.grahamcluley.com/travelex-paid-ransom/
https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/
https://www.hsgac.senate.gov/media/minority-media/new-portman-report-demonstrates-threat-ransomware-presents-to-the-united-states
https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox
https://www.huntandhackett.com/blog/revil-the-usage-of-legitimate-remote-admin-tooling
https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident
https://www.ironnet.com/blog/ransomware-graphic-blog
https://www.justice.gov/opa/pr/sodinokibirevil-ransomware-defendant-extradited-united-states-and-arraigned-texas
https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
https://www.kpn.com/security-blogs/Tracking-REvil.htm
https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
https://www.netskope.com/blog/netskope-threat-coverage-revil
https://www.nytimes.com/2019/08/22/us/ransomware-attacks-hacking.html
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf
https://www.pandasecurity.com/emailhtml/2007-CAM-RANSOMWARE-AD360-WG/2006-Report-Sodinokibi-EN.pdf
https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware
https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf
https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf
https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html
https://www.recordedfuture.com/blackmatter-ransomware-successor-darkside-revil/
https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/
https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/
https://www.secureworks.com/blog/revil-development-adds-confidence-about-gold-southfield-reemergence?linkId=164334801
https://www.secureworks.com/blog/revil-ransomware-reemerges-after-shutdown-universal-decryptor-released
https://www.secureworks.com/blog/revil-the-gandcrab-connection
https://www.secureworks.com/research/lv-ransomware
https://www.secureworks.com/research/revil-sodinokibi-ransomware
https://www.secureworks.com/research/threat-profiles/gold-southfield
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
https://www.splunk.com/en_us/blog/security/kaseya-sera-what-revil-shall-encrypt-shall-encrypt.html
https://www.splunk.com/en_us/blog/security/revil-ransomware-threat-research-update-and-detections.html
https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf
https://www.tgsoft.it/english/news_archivio_eng.asp?id=1004
https://www.trendmicro.com/en_in/research/21/k/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab.html
https://www.trendmicro.com/en_us/research/20/l/the-impact-of-modern-ransomware-on-manufacturing-networks.html
https://www.trendmicro.com/en_us/research/21/a/sodinokibi-ransomware.html
https://www.trendmicro.com/en_us/research/21/h/supply-chain-attacks-from-a-managed-detection-and-response-persp.html
https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-as-a-service-enabler-of-widespread-attacks
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-double-extortion-and-beyond-revil-clop-and-conti
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-revil
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/diving-deeper-into-the-kaseya-vsa-attack-revil-returns-and-other-hackers-are-riding-their-coattails/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/undressing-the-revil/
https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html
https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf
https://www.youtube.com/watch?v=LUxOcpIRxmg
https://www.youtube.com/watch?v=P8o6GItci5w
https://www.youtube.com/watch?v=QYQQUUpU04s
https://www.youtube.com/watch?v=l2P5CMH9TE0
https://www.youtube.com/watch?v=tZVFMVm5GAk
https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/
https://www.zdnet.com/article/revil-ransomware-gang-launches-auction-site-to-sell-stolen-data/
https://www.zscaler.com/blogs/security-research/kaseya-supply-chain-ransomware-attack-technical-analysis-revil-payload
Ransom notes

revil: crypto wallet(s)

Address   Blockchain   Balance
3BeQ9H5tByJK9CeeZftDsBFhgt1i5Q7AQK bitcoin $ 3006
3L7ECcRBCypxrS5U9Kw9WexcsHmX4wKYz6 bitcoin $ 11042163
34mMCqo83wc8GeLWjSPeQE8QiY9LKnkNuj bitcoin $ 47778
3JYLAk26kZPw62W6UD2Jyk5i9jhCAPJjg4 bitcoin $ 321653
3Jxwt3fmXhUwDNDQ4sWYCgahLGDVjy1SQm bitcoin $ 434830
3HTHHMm2YwNdwEDkGc6dRyxxKvByymeVqV bitcoin $ 286355
3E9F7gE3upQ8rgsPjwiKH7ugfdneypPjqj bitcoin $ 0

Last update: Monday 13/03/2023 21:09 (UTC)

This script collects every criminal claim exactly as exposed by the sources ("As Is" model) into an SQL database, creating a permanent feed that can also be followed via RSS.
The engine is based on the ransomFeed project, a fork on GitHub.