A new paper by AdvIntel is out, and it looks at the psychology of REvil, something that it obviously of great interest to me:
We have investigated REvil’s discourse and behavior by applying the methodologies and concepts of criminal psychology to identify the group’s unique characteristics revealed by their recent involvement in large, ethically questionable (attacks against medical institutions), and politically impactful extortions. By applying these methodologies, we attempt to achieve a deeper understanding of the group’s actions in order to successfully predict and prevent its operations.
It is an interesting report that includes references to threads and personalities on Exploit.in. I had already been following the threads and threat actors they refer to, so it’s interesting reading how they interpret some of what is going on there. While I agree with much of what they write, I’m not 100% sure I agree with their hypothesized rationale for why REvil is Russians-only. There’s more than one possible explanation for, or benefit from, that policy on their part.
Anyway, if you are interested in these different ransomware groups, you will want to read this article in its entirety.