REvil: Analysis of Competing Hypotheses

Until the 13th of July, 2021, things appeared to be going as expected with the threat actors behind REvil (AKA Sodinokibi) ransomware. Then, suddenly, the fairly public group vanished. With them disappeared their notorious “Happy Blog,” payment page, and other infrastructure that supported their ransomware and extortion operations. That same day, their primary representative was banned on the popular Russian-language forum XSS where they’d been a fixture since the inception of their brand of ransomware. 

Today, there is still a lot of speculation on the whereabouts of REvil, and many great minds have some pretty informed hot takes.


Was it…

  • Law enforcement?

  • A rebrand?

  • Too much notoriety?

  • Take the money and run?

Since there has been no official conclusion to this story, we at Digital Shadows performed the ancient intelligence ritual known as the Analysis of Competing Hypotheses (ACH) to weigh all the perspectives around specific events and moments that may help shed light on the most likely outcome.


Spoiler alert: We’re still not entirely sure. Also, this is still just, like, our opinion, man, so please take it with a grain of salt.


What is an ACH?


An Analysis of Competing Hypotheses (ACH) is typically a tabletop exercise that gathers intelligence analysts in a dark, smoke-filled room or a cave for hours to days at a time for a reasoned discussion. Much of the talk is usually based on what we’ve seen or learned over time about this particular actor, which includes our own observations as well as outsiders’ ..
