The REvil ransomware campaign has resumed, according to new malware samples and a new Tor-based leak website.
Secureworks, which watches the REvil group as Gold Southfield, examined malware samples allegedly developed in March and April and concluded that the developer has access to the original REvil source code.
Avast said in late April that it had blocked a ransomware sample that appeared to be a new REvil strain, but that it did not encrypt files and just added a random extension. According to Secureworks, the weakness was introduced by the malware developer, and the ransomware is still in development. Secureworks outlined the differences between new samples and prior versions of REvil on Monday.
Read More: https://www.securityweek.com/new-malware-samples-indicate-return-revil-ransomware
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
