The REvil (aka Sodinokibi) ransomware group, one of the most active ransomware groups of our time, is apparently planning something big. The group, which focuses more on private Ransomware-as-a-Service (RaaS) operations, has made a stunning declaration.
The REvil ransomware group just deposited $1 million in bitcoins on a Russian-speaking hacker forum to attract more affiliates for their RaaS operations. Depositing such a large sum is a clear indication that the group is expanding or planning something big.
According to an update on a forum post, they are recruiting new affiliates to spread their ransomware and are looking for hackers skilled at penetration testing and a few other technologies.
Under the group's current offer, the developers behind this ransomware take a 20%–30% cut, and their affiliates get 70%–80% of the ransom payments they generate.
The group seems to be changing its attack strategy. Until a while ago, the ransomware operators were targeting retail organizations and manufacturers (mostly in the food and beverage industry). Recently, however, this has changed.
The ransomware group has been exploiting the CVE-2019-11510 vulnerability that exists in the Pulse Secure VPN server.
In addition to this, the group was spotted leaking and stealing data from targeted entities, similar to other major ransomware groups.
Given the way the REvil ransomware group is operating, future attacks are expected to be more sophisticated and deadlier. Organizations should therefore prepare proactively by following the good security practices suggested by experts, such as taking data backups, patching deployed applications, and following basic security hygiene.