[MART] - Daily Diary #375 - Sodinokibi Servers Offline Again

CTAS-MAT ctas-mat at appgate.com
Fri Oct 22 21:20:29 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

10/22/2021 - Diary entry #375

In our Daily Diary #307, we covered the mysterious disappearance of the ransomware group REvil (a.k.a. Sodinokibi), and in our Daily Diary #343, we covered their infrastructure coming back online. At the time, the FBI took control of some servers owned by REvil affiliates and provided Kaseya with the universal decryptor for multiple machines affected in the attack covered in our Daily Diary #310.

Now REvil's infrastructure is offline once again, after a coordinated attack by multiple governments. According to a few sources, this was a joint effort of "The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries". Our team has access to Sodinokibi's Happy Blog, which is now offline and showing an nginx error.

It's not the first time an offensive operation has been coordinated against a cyber crime group. In our Daily Diaries #194 and #195 we covered the Emotet disruption, which ended with the infrastructure taken down and some members arrested. This operation is considered one of the most successful coordinated operations against cyber crime, as so far the Emotet operation has not recovered.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
