The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim’s business partners to generate ransom payments.
The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the ransomware.
As part of this deal, the REvil developers earn between 20-30% of ransom payments, and the affiliates make the remaining 70-80%.
To pressure victims into paying a ransom, ransomware gangs have increasingly turned to a double-extortion tactic, where attackers steal unencrypted data that they threaten to release if a ransom is not paid.
Now using VOIP calls and DDoS attacks
In February, the REvil ransomware operation posted a job notice where they were looking to recruit people to perform DDoS attacks and use VOIP calls to contact victims and their partners.
Today, a security researcher known as 3xp0rt discovered that REvil has announced that they were introducing new tactics that affiliates can use to exert even more pressure on victims.
These new tactics include a free service where the threat actors, or affiliated partners, will perform voice-scrambled VOIP calls to the media and victim’s business partners with information about the attack.
The ransomware gang is likely assuming that warning businesses that their data may have been exposed in an attack on one of their partners will create further pressure for the victim to pay.
REvil is also providing a paid service that allows affiliates to perform Layer 3 and Layer 7 DDoS attacks against a company for maximum pressure.
A Layer 3 attack is commonly used to take down the company’s Internet connection. In contrast, threat actors would use a Layer 7 attack to take down a publicly accessible application, such as a web server.
In October, we reported that the SunCrypt and Ragnar Locker ransomware operations had begun to use DDoS attacks against victims to pressure them to pay. In January 2021, the Avaddon ransomware gang began using this tactic as well, so it is not surprising to see other operations start using these attacks as well.
While VOIP calls to victims to exert pressure have been used by numerous ransomware operations, BleepingComputer is not aware of calls made to journalists or victim’s business partners.