The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S.
The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; two large international banks (one in Mexico and one in Africa); and a European manufacturer. In an email interview with Threatpost, researchers with eSentire, who wrote an analysis of the threat group’s claims, said they would not name the victim companies.
“These new ransomware incidents, which the…gang is claiming, could certainly be plausible,” said Rob McLeod, senior director of the Threat Response Unit (TRU) for eSentire. “These attacks come directly on the heels of an extensive and well-planned drive-by-download campaign, which was launched in late December. This malicious campaign’s sole purpose is to infect business professionals’ computer systems with the…ransomware, the Gootkit banking trojan or the Cobalt Strike intrusion tool.”