Ransom Cartel Ransomware: A Possible Connection With REvil

Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. REvil ransomware disappeared just a couple of months before Ransom Cartel surfaced and just one month after 14 of its alleged members were arrested in Russia. When Ransom Cartel first appeared, it was unclear whether it was a rebrand of REvil or an unrelated threat actor who reused or mimicked REvil ransomware code.

In this report, Palo Alto Unit 42 researchers present their analysis of Ransom Cartel ransomware and their assessment of the possible connections between REvil and Ransom Cartel.

Source: Palo Alto Unit 42