REvil DDoS Attack on Akamai Security Customer

REvil Initiates DDoS Attack

The Akamai Security Intelligence Response Team (SIRT) was engaged on May 12th, 2022, by one of the network's hospitality customers, which had been the target of a Distributed Denial of Service (DDoS) attack. The attack used HTTP/2 GET requests and incorporated cache-busting techniques to ensure each new request was retrieved from the server rather than served from cache. As analyzed by Akamai, the HTTP request contains a "554-byte message demanding payment. The message dictated in order for the attacks to cease, BTC needed to be transferred to a wallet address. There was also an additional geospecific demand, requesting the targeted company cease business operations across an entire country. If the targeted company did not comply with the business/political demands and did not pay the extortion by the desired timeline, a follow-up attack was threatened to affect business operations globally." The attacker claims to be a member of REvil; however, the claim needs additional investigation. Historically, REvil has not operated based on political motives and has been solely profit-driven. DDoS attacks from REvil are not unprecedented, with the activity potentially being a testing ground for new operation schemes. Threat actors are constantly testing new business models, and the recent wave of groups such as Karakurt and BlackByte have operated without the need for ransomware.
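For defenders, the cache-busting behaviour described above can be spotted in edge or origin logs. The following is an added example, not code from Akamai or from the original report: it assumes a hypothetical log record of (client, method, request target, cache status) and assumes the cache busting takes the common form of a unique query string per request. All sample records are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (client_ip, method, request_target, cache_status).
# The field layout is an assumption; IPs are documentation ranges, not incident data.
SAMPLE_LOG = (
    # One client, same path, a different query string every time, always a miss.
    [("203.0.113.50", "GET", f"/?r={i * 7919}", "MISS") for i in range(8)]
    # Pagination: unique queries per client, but other users keep the pages cached.
    + [("198.51.100.7", "GET", f"/rooms?page={i}", "HIT") for i in range(1, 7)]
    # Repeated identical search: one miss, then served from cache.
    + [("198.51.100.9", "GET", "/search?city=paris", "MISS")]
    + [("198.51.100.9", "GET", "/search?city=paris", "HIT")] * 5
    # Too few requests to judge.
    + [("192.0.2.33", "GET", f"/offers?id={i}", "MISS") for i in range(3)]
)


def find_cache_busters(records, min_requests=5, min_unique_ratio=0.9,
                       min_miss_ratio=0.9):
    """Flag (client, path) pairs whose GETs nearly all carry a distinct
    query string AND nearly all miss the cache."""
    stats = defaultdict(lambda: {"total": 0, "queries": set(), "misses": 0})
    for client, method, target, cache_status in records:
        if method != "GET":
            continue
        parts = urlsplit(target)
        if not parts.query:
            continue  # no query string, so no query-based cache busting
        s = stats[(client, parts.path)]
        s["total"] += 1
        s["queries"].add(parts.query)
        s["misses"] += int(cache_status == "MISS")

    flagged = {}
    for key, s in stats.items():
        if s["total"] < min_requests:
            continue  # not enough evidence for a ratio to mean anything
        unique_ratio = len(s["queries"]) / s["total"]
        miss_ratio = s["misses"] / s["total"]
        if unique_ratio >= min_unique_ratio and miss_ratio >= min_miss_ratio:
            flagged[key] = {"requests": s["total"],
                            "unique_ratio": round(unique_ratio, 2),
                            "miss_ratio": round(miss_ratio, 2)}
    return flagged


if __name__ == "__main__":
    for (client, path), info in find_cache_busters(SAMPLE_LOG).items():
        print(client, path, info)
```

Requiring both a high unique-query ratio and a high miss ratio keeps ordinary pagination and repeated searches from being flagged; the thresholds are illustrative and need tuning against real traffic.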

