New malware samples and a new Tor-based leak website suggest that the REvil ransomware operation has been resumed.
Secureworks, which tracks the group behind REvil as Gold Southfield, has conducted an analysis of malware samples apparently created in March and April, and determined that the developer likely has access to the original REvil source code.