So much for the end of REvil! Almost two weeks after Russian authorities orchestrated high-profile arrests of cyber criminals affiliated with the notorious ransomware group, there has been little change in malicious activity associated with the group, ReversingLabs data shows.
In fact, detections of files and other software modules associated with the REvil ransomware increased modestly in the week following the arrests by Russia’s FSB intelligence service. That contrasts with statements by the Russian government, which characterized the arrests by the Federal Security Services (FSB) as a decisive action against REvil (aka “Sodinokibi”) after which the group “ceased to exist.”
The Russian government announced the arrests of 14 alleged REvil/Sodinokibi members on January 14. At the time, the move was interpreted as a friendly gesture to the West, which has long called for Russia to take action against a long list of criminal ransomware groups that operate from within the country.
Article Link: After Russian Arrests, REvil Rolls On