"REvil Ransomware Group is Back as "Happy Blog" Returns"

An infamous ransomware group that appeared to shutter its operations following a significant supply chain attack on IT software provider Kaseya seems to be back in business. REvil/Sodinokibi ransomware has been used by countless affiliates to extort money from companies as diverse as now-defunct Travelex, Jack Daniels-maker Brown-Forman, and meat processing giant JBS. Last year the REvil group claimed to have amassed a fortune of $100m through its efforts. After the July Kaseya attack, President Biden ordered his intelligence agencies to investigate. Some researchers speculated that the ransomware group was simply lying low and would likely return with different branding. However, that doesn’t appear to be the case, with the group’s “Happy Blog” site now back up and running, according to researchers at Recorded Future. The site is where REvil publishes data exfiltrated from its victims in order to force them to pay up. The website is currently still listing the same victims it listed at the time of its shutdown on July 13, and REvil’s ‘payment portal,’ where victims are told to go and negotiate with the REvil gang, has also been restored at the same old dark web .onion URL.

 

Infosecurity reports: "REvil Ransomware Group is Back as "Happy Blog" Returns"

Submitted by Anonymous on