LV Ransomware Group Repurposed REvil Binary, Researchers Find

Dennis Fisher reports:

Researchers have discovered that the LV ransomware that has been in use since late 2020 is actually a modified version of the REvil ransomware binary that is being distributed by a separate threat group.

An analysis of the LV ransomware binary by Secureworks Counter Threat Unit researchers shows that LV is a version of the REvil 2.03 beta binary that has been modified slightly. The LV operators have their own payment and leak sites and seem to have the capacity to set up a ransomware-as-a-service (RaaS) operation, but Secureworks researchers said they have not seen it advertised on underground forums at this point.

Read more on Decipher.

The research report by Secureworks can be found here.


About the author: Dissent
