The REvil group remains active in the cybercriminal landscape despite the arrest of its members by the Russian government. According to reports, the group's ransomware-as-a-service enterprise is still fully operational and is still causing trouble worldwide.
Data from researchers showed that the ransomware group's behaviour and activity are ongoing at the moment, leading to the conclusion that the arrest of the alleged REvil members has not entirely affected their operations.
Researchers still discovered a daily average of about 50 new REvil implants after their arrest. In addition, the daily average of the ransomware implant is consistent at 24 attacks per day. However, after the arrest, the implants spiked to nearly 27 a day instead of going down.
Experts said that the glory days of the REvil ransomware group were from July to August last year, when they averaged 89 implants per day. Fortunately, law enforcement managed to bring REvil's implant numbers down after a series of arrests of the group's members took place worldwide.
Governments’ efforts to fight REvil might be overlooked by many because the activities of the ransomware group are still ongoing.
Last year, the Russian government apprehended about 14 suspects, allegedly members of the REvil ransomware group. The Russian government made this move after being accused by cybersecurity groups of enabling threat actors to rise in its territory.
On the other hand, Europol has successfully arrested about seven suspects, who allegedly played an essential role in the attacks against numerous entities conducted by the ransomware group.
As of now, experts doubt the effectiveness of the recent arrests targeting the ransomware gang. They also ask cybersecurity law enforcement whether the arrest of high-profile REvil members makes a difference, since there are no signs the group will stop soon.
The recent discovery of the current activities of the REvil group is an ominous sign, since it shows that even when their members are arrested, they will not stop their criminal activities. Fortunately, analysts and security teams promised to continue collaborating to take down the most infamous threat known in cybersecurity history.