Researchers at Unit 42 have found connections between the Ransom Cartel group and the now-defunct REvil threat group. It appears that Ransom Cartel managed to obtain the original REvil source code but lacks the obfuscation engine that encrypted strings and hid API calls. The research shows that there is likely a connection between the two groups, but that Ransom Cartel is not REvil rebranding under a different name. It is possible that some of the threat actors who were part of the original group are now part of the new one.