REvil Cyber Criminal Gang is Back With new DDoS Attacks
- By Steven
- Published: May 31, 2022
- Last Updated: May 31, 2022
REvil, one of the most feared cyber gangs in the history of the internet, appears to have returned. The hacking collective is back on the scene with new DDoS attacks.
Who is REvil Targeting?
Individuals who insist they are the remaining members of REvil’s ransomware team are adamant they are zeroing in on Akamai. To be more specific, the hackers state they are primarily targeting Akamai’s clients though the scope of the attacks will likely expand as time progresses. If you have not yet updated your digital protections, now is the time to do so.
When did the Attacks Begin?
Digital security specialists have analyzed the attacks launched by the supposed REvil hacking collective in recent months. The most significant of the attacks, the DDoS attack, was launched on May 12. The digital security team was notified of the potential problem after a client made them aware of the threat. The attack turned out to come from a group allegedly tied to REvil.
The timing of the May DDoS attack is interesting, as it comes nearly one year after the original REvil went dark. The initial incarnation of REvil halted operations in the summer of 2021 after successful attacks against the likes of JBS Foods, Kaseya and Apple. Affiliates of the cyber gang were subsequently arrested in November of 2021.
What Types of Attacks are Being Used?
REvil is using a Layer 7 (application-layer) attack. The attack is primarily focused on obtaining an extortion payment in the form of a crypto ransom, and REvil has mainly requested Bitcoin in its attacks. REvil is also taking credit for a DDoS campaign. DDoS is an acronym commonly used in tech circles to refer to a distributed denial-of-service attack.
The attacks have zeroed in on specific websites with a wave of HTTP/2 GET requests sent over and over, using cache-busting techniques. This approach is designed to overpower the website's defenses. Furthermore, the attack's requests go as far as carrying built-in payment demands and a Bitcoin wallet, and even include additional demands related to politics, business, finances, and more.
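A defender-side view of the traffic pattern described above, as an added example that is not part of the original article: it flags clients whose GET requests to one path carry almost all-unique query strings (the cache-busting signature) and notes wallet-shaped tokens. The log format, thresholds, function name and the assumption that the payment text travels in the query string are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Assumed log format for this example: "<client> <method> <url> <protocol>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (HTTP/[\d.]+)$")
# Loose shape match for a Bitcoin address (legacy Base58 or bech32); no checksum check.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")


def detect_cache_busting(lines, min_requests=20, min_unique_ratio=0.9):
    """Flag (client, path) pairs whose GETs use near-unique query strings."""
    queries = defaultdict(list)  # (client, path) -> list of query strings
    wallet_seen = set()          # clients that sent a wallet-shaped token
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "GET":
            continue
        client, url = m.group(1), m.group(3)
        parts = urlsplit(url)
        queries[(client, parts.path)].append(parts.query)
        # Assumption: the demand text and wallet are carried in the query string.
        if BTC_RE.search(unquote_plus(parts.query)):
            wallet_seen.add(client)
    findings = []
    for (client, path), qs in sorted(queries.items()):
        ratio = len(set(qs)) / len(qs)
        # Normal clients repeat cacheable URLs; a cache-buster almost never does.
        if len(qs) >= min_requests and ratio >= min_unique_ratio:
            findings.append({"client": client, "path": path, "requests": len(qs),
                             "unique_ratio": round(ratio, 2),
                             "wallet_token": client in wallet_seen})
    return findings


# Constructed sample traffic (documentation IP ranges, placeholder wallet string).
SAMPLE = (
    [f"198.51.100.7 GET /?cb={i:06x}&btc=1{'X' * 30} HTTP/2.0" for i in range(30)]
    + ["203.0.113.5 GET /app.css?v=2 HTTP/2.0"] * 25           # repeated, cacheable
    + [f"203.0.113.9 GET /search?q=term{i} HTTP/2.0" for i in range(5)]  # low volume
)

if __name__ == "__main__":
    for finding in detect_cache_busting(SAMPLE):
        print(finding)
```
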
Is REvil Really Behind the Attack?
Though the supposed remnants of the REvil ransomware group insist they represent the collective, no one is sure whether they are legitimate. Digital security researchers who have delved into the matter believe the attack might not be REvil. Rather, the online attack could be conducted by a similar group or one looking to shift attention away from itself.
It is interesting to note that the previous hackers in the REvil collective were not political. However, the renewed REvil has a political agenda, making it appear that the two groups might be separate and distinct. The initial REvil hackers were strictly motivated by monetary gain instead of social or political justice. The political component of the recent attack is likely tied to a legal ruling pertaining to the group’s business model. There is also the potential that the new hackers have nothing to do with REvil and are simply using the defunct group’s name to intimidate targets.