{
	"id": "c6eecb79-abb5-470c-a436-079827ce6f5e",
	"created_at": "2026-04-06T00:19:54.805403Z",
	"updated_at": "2026-04-10T03:21:48.001975Z",
	"deleted_at": null,
	"sha1_hash": "6a682b0b0ff3cd6b9a4a47fbce560cd46c1a402d",
	"title": "Ransomware gang plans to call victim's business partners about attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2393061,
	"plain_text": "Ransomware gang plans to call victim's business partners about attacks\r\nBy Lawrence Abrams\r\nPublished: 2021-03-06 · Archived: 2026-04-06 00:02:40 UTC\r\nThe REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and\r\nvictim's business partners to generate ransom payments.\r\nThe REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware\r\noperators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the\r\nransomware.\r\nAs part of this deal, the REvil developers earn between 20-30% of ransom payments, and the affiliates make the remaining\r\n70-80%.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nTo pressure victims into paying a ransom, ransomware gangs have increasingly turned to a double-extortion tactic, where\r\nattackers steal unencrypted files that they threaten to release if a ransom is not paid.\r\nNow using VOIP calls and DDoS attacks\r\nIn February, the REvil ransomware operation posted a job notice where they were looking to recruit people to perform\r\nDDoS attacks and use VOIP calls to contact victims and their partners.\r\nToday, a security researcher known as 3xp0rt discovered that REvil has announced that they were introducing new tactics\r\nthat affiliates can use to exert even more pressure on victims.\r\nThese new tactics include a free service where the threat actors, or affiliated partners, will perform voice-scrambled VOIP\r\ncalls to the media and victim's business partners with information about the attack.\r\nThe ransomware gang is likely assuming that warning businesses that their data may have been exposed in an attack on of\r\ntheir partners, will create further pressure for the victim to pay.\r\nREvil is also providing a paid service that allows affiliates to perform Layer 3 and Layer 7 DDoS attacks against a company\r\nfor maximum pressure.\r\nForum post announcing new REvil extortion features\r\nA Layer 3 attack is commonly used to take down the company's Internet connection. In contrast, threat actors would use a\r\nLayer 7 attack to take down a publicly accessible application, such as a web server.\r\nIn October, we reported that the SunCrypt and Ragnar Locker ransomware operations had begun to use DDoS attacks\r\nagainst victims to pressure them to pay. In January 2021, the Avaddon ransomware gang began using this tactic as well, so it\r\nis not surprising to see other operations begin utilizing these attacks as well.\r\nWhile VOIP calls to victims to exert pressure have been used by numerous ransomware operations, BleepingComputer is\r\nnot aware of calls made to journalists or victim's business partners.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/"
	],
	"report_names": [
		"ransomware-gang-plans-to-call-victims-business-partners-about-attacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775434794,
	"ts_updated_at": 1775791308,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6a682b0b0ff3cd6b9a4a47fbce560cd46c1a402d.pdf",
		"text": "https://archive.orkl.eu/6a682b0b0ff3cd6b9a4a47fbce560cd46c1a402d.txt",
		"img": "https://archive.orkl.eu/6a682b0b0ff3cd6b9a4a47fbce560cd46c1a402d.jpg"
	}
}