This post has not much "added value" for Security Professionals, it is intended for local broader audiences.

This is a quick post to clarify some ambiguity that I have seen in the reporting and associated discussions.

In the recent weeks it came to light that a Ransomware Group dubbed REvil has been publishing a note that they compromised and extracted information from the Luxembourgish Supermarket Chain "Cactus Group". This was covered by Luxemburgish media, exposing the topic to a broader audience and shedding light on activities commonly dubbed "Ransomware".

 Here is a small list of local press coverage:

All of the above are referencing a blog post by Cyble, Inc on the matter.

Some clarifications :
  • The primary source of the screenshots is not Cybel Inc. The source is a TOR Website where (presumably) "REvil" is publishing notices to companies that don't pay their ransom, the Cactus Group is one of them. 
  • There are more screenshots and details that journalists would discover if they would track down the source website.  In particular, a few datasets that beg the question of why they were highlighted in the first place.
More general information on "Revil/Sodinokibi" :