On May 15-16, 2022, a channel on the Rocket.Chat server operated by the Islamic State (ISIS) published Arabic- and English-language posts claiming that a Russia-based organized cyber crime group, "REvil," also known as "Sodinokibi," had resumed activity on the dark web. Both posts explained that Russian authorities had authorized the group's return to activity in response to recent sanctions imposed by the West following Russia's invasion of Ukraine.
The Russia-based ransomware crime organization "REvil" is known for carrying out cyber attacks and threatening to publish hacked information unless a ransom is paid. Threats are published on the group's page, "Happy Blog." REvil recruits affiliates to disseminate its ransomware, and as part of such arrangements, affiliates and ransomware developers receive a share of the ransom.
The U.S. Department of State issued a statement on November 8, 2021, offering a reward of $10 million "for information leading to the identification or location of any individual holding a key leadership position in the Sodinokibi ransomware variant transnational organized crime group," and an additional reward of up to $5 million for information "leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident."
The full text of this report is available to MEMRI Jihad and Terrorism Threat Monitor subscribers.