We observed the site being unstable at times – in some instances showing a blank page with no victims listed.
It is also possible that the blog is being recreated by another group – not necessarily the same threat actors who claimed the work of REvil before. During early May, we noticed new alleged victim organizations being listed and then removed from the site numerous times. Typically, when an organization is removed from the site, it’s because they have paid the ransom, but this does not appear to be the case here. Instead, the same potential victims were added and then removed several times. The organizations were an India-based oil organization, a U.S.-based education organization and a France-based sign manufacturer.
Updated June 3, 2022: In October 2021, REvil went offline at least in part due to major multi-government entities pursuing the group. The absence, however, was apparently short lived. On April 20, 2022, REvil’s old leak site came back online. We’ve updated our original report on REvil’s activity to include insights on the most recent samples and attacks – though we note that it is not yet clear whether the threat actors behind this activity are actually members of the original group or if this is REvil under a new administration. The new information is included under the header “REvil in 2022.” Palo Alto Networks WildFire, Threat Prevention and Cortex XDR detect and prevent REvil ransomware infections. If you think you may have been impacted, please get in touch with the Unit 42 Incident Response team.

REvil in 2022: New Observations of Ransom Notes, Leak Site, Payment Site and More

REvil, one of the most prolific ransomware groups of 2021, went offline in October 2021. The dissolution of REvil was due to major multi-government entities pursuing the group’s operations, with arrests occurring, infrastructure seized, the disappearance of ransomware-as-a-service (RaaS) leadership and general mistrust between members of the group. On April 20, 2022, REvil’s old leak site came back online and started redirecting visitors to a new Onion address, listing new and previous victims. Of particular note, the new site also looks a bit different from the original “Happy Blog” led by the original REvil group – for example, the new site includes an RSS 2.0 feed and a “Join Us” section for active affiliate recruiting. Additionally, the proof of concept links are offline or removed for old victims, leading Unit 42 to believe that the website was revived from a backup and it didn’t update any of the content inside the posts.
While REvil (which is also known as Sodinokibi) may seem like a new player in the world of cybercrime, Unit 42 has been monitoring the threat actors tied to this group for three years. We first encountered them in 2018 when they were working with a group known as GandCrab. At the time, they were mostly focused on distributing ransomware through malvertising and exploit kits, which are malicious advertisements and malware tools that hackers use to infect victims through drive-by downloads when they visit a malicious website. That group morphed into REvil, grew and earned a reputation for exfiltrating massive data sets and demanding multimillion dollar ransoms. It is now among an elite group of cyber extortion gangs that are responsible for the surge in debilitating attacks that have made ransomware among the most pressing security threats to businesses and nations around the globe.
REvil has emerged as one of the world’s most notorious ransomware operators. In summer 2021, it extracted an $11 million payment from the U.S. subsidiary of the world’s largest meatpacking company based in Brazil, demanded $5 million from a Brazilian medical diagnostics company and launched a large-scale attack on dozens, perhaps hundreds, of companies that use IT management software from Kaseya VSA.