Lawrence Abrams reports:
The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks.
In October, the REvil ransomware gang shut down after a law enforcement operation hijacked their Tor servers, followed by arrests of members by Russian law enforcement.
A sample of the new ransomware operation’s encryptor was finally discovered this week by AVAST research Jakub Kroustek and has confirmed the new operation’s ties to REvil.
Read more at BleepingComputer.