The REvil ransomware group is staying busy during the escalation in Microsoft Exchange server attacks. The group has claimed attacks on nine different organizations in the past two weeks.

Documents relating to the business of each victim were discovered on Dark Web forums, seemingly posted by REvil operators. Using the Gootloader malware loader, they are able to plant their ransomware within victim machines.

REvil’s ability to use different payloads such as the Kronos trojan, Cobalt Strike, or Gootloader allows the group to diversify their attacks. It’s evident REvil is always looking to expand upon their attacking abilities. Just last week they announced they’ll be looking to call victims’ business partners or contact the media in order to out the victim companies and apply pressure on decision makers to make ransom payments.

The efforts made to improve attack methods and evade security need to be combated with the same intensity in order to mitigate persistent threats. REvil has been active since 2019, and they’ve shown security experts they don’t plan to stop attacking organizations any time soon.

Engaging with a firm like SpearTip is the best option for organizations to avoid the embarrassment stemming from ransomware attacks. Think about how public perception and brand reputation impact your business. When you endure a ransomware attack, these important pieces to your puzzle are damaged.

As long as ransomware attacks lead to revenue for threat groups, they’ll continue to perform them. Don’t let it happen. Call SpearTip.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.