Ransomware tracker: the latest figures [November 2022]

* Note: this Ransomware Tracker is updated on the 10th day of each month to stay current *

Has REvil returned?

That’s one question many cybersecurity researchers and law enforcement officials have been asking over the last month, after the once-dormant ransomware gang seemed to be taking credit for a handful of attacks.

REvil, also known as Sodinokibi, was tied to seven new attacks in October, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources. The original group shut down its operations in October 2021, and Russia’s Federal Security Service (FSB) announced a few months later that it had arrested several of the group’s members.

But in April, the group’s extortion site and some of its infrastructure started running again. This week, for example, the group took credit for the attack on Medibank, one of Australia’s largest health insurers.

Researchers, however, say that it’s not yet clear if the group is the same as the original gang, which was linked to attacks on ​​JBS Foods and IT provider Kaseya.

Allan Liska, a ransomware expert at Recorded Future who tracks the groups, said he believes the attackers were not the core original REvil gang. “Right now, all we can say is it’s not nearly as prolific as the original,” he said. “Whether that is because of lack of skill or lack of opportunity, I am not sure.”

In addition to the renewed attention on REvil, October saw continued attacks on national government agencies. In late October, the BlackCat ransomware gang said it attacked systems belonging to Ecuador’s military. Costa Rica, Argentina, the Dominican Republic, and other countries have dealt with similar incidents in recent months.

🧵One of the questions I get asked a lot by reporters is: What is the most overlooked ransomware story?

This year, I think the answer is the number of national governments/national government agencies hit by ransomware.

— Allan “Ransomware Sommelier🍷” Liska (@uuallan) November 4, 2022

Graphs from this ongoing project can be shared and reproduced with proper attribution.