Show Notes

Rob Pantazopoulos from Secureworks, joins Dave to discuss their work on “REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence.” Secureworks researchers published a new analysis on what can be considered the ‘first’ set of ransomware samples associated with the reemergence. These updated samples indicate that GOLD SOUTHFIELD has resumed operations.

The research states “The identification of multiple samples containing different modifications and the lack of an official new version indicate that REvil is under active development.” Researchers identified two samples, one in October of 2021, and the other in March of 2022. The March sample has modifications that lead researchers to distinguish the two samples from one another.

The research can be found here: