Fortgale Blog » revil

September 27, 2021 ·Emerging Threats

Backdoor inside REvil Ransomware

Backdoor discovered inside the REvil ransomware affiliate build: developer access to victim payments, affiliate-trust implications and underground reactions.

Read the analysis

September 20, 2021 ·Emerging Threats

REvil/Sodinokibi Ransomware decryptor

Universal decryptor released for REvil/Sodinokibi: scope of recovery, conditions of usability and operational guidance for victims with encrypted backups.

Read the analysis

September 13, 2021 ·Emerging Threats

REvil infrastructure back online

REvil ransomware infrastructure resurfaces after the July 2021 shutdown: leak site, payment portal status and tracking signals for the rebuilt operation.

Read the analysis

August 2, 2021 ·Emerging Threats

Ransomware Evolution and Group Reorganization

Over the past year, ransomware and cyberattacks have experienced exponential growth. In 2020, the FBI reported a 400% increase in cyberattacks—incidents that have not only become more frequent but also more precise, accurate, and methodical. Below is an examination of the reorganization of several prominent criminal groups. BlackMatter A new ransomware gang named BlackMatter is … Read more

Read the analysis

July 12, 2021 ·Emerging Threats

REvil Kaseya — sample analysis

Technical analysis of the REvil ransomware sample dropped through the Kaseya VSA supply-chain compromise: code structure, encryption logic, and supply-chain risk lessons.

Read the analysis

June 1, 2021 ·Emerging Threats

Business Ransomware: ongoing reorganisation

Ransomware ecosystem reorganisation following law-enforcement pressure: rebrandings, splinter groups, affiliate movement and intelligence priorities for defenders.

Read the analysis

May 24, 2021 ·Emerging Threats

Protected: DarkSide — The group and its evolution

There is no excerpt because this is a protected post.

Read the analysis

May 19, 2021 ·Featured

REvil Ransomware Operator: A time zone analysis

In April 2021, an unidentified Gold Southfield operator carried out a Ransomware attack against a European company. The initial access is performed by Gold Cabin, an access broker, that deploys IceID (Bokbot), a Remote Access Tool (RAT) malware[link]. Once inside the company, the access broker passes privileges to the main operator who deploys the REvil ransomware. This threat actor … Read more

Read the analysis

May 17, 2021 ·Emerging Threats

REvil Ransomware: Linux server encryption variant available

REvil ransomware Linux build: ESXi/Linux server encryption capability, deployment patterns observed and detection considerations for hybrid environments.

Read the analysis

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie & Privacy