A bit of context on Ransomware / Cactus / REvil

This post has not much "added value" for Security Professionals, it is intended for local broader audiences.

This is a quick post to clarify some ambiguity that I have seen in the reporting and associated discussions.

In the recent weeks it came to light that a Ransomware Group dubbed REvil has been publishing a note that they compromised and extracted information from the Luxembourgish Supermarket Chain "Cactus Group". This was covered by Luxemburgish media, exposing the topic to a broader audience and shedding light on activities commonly dubbed "Ransomware".

 Here is a small list of local press coverage:

• Wort.lu 
• Tageblatt

All of the above are referencing a blog post by Cyble, Inc on the matter.

Some clarifications :

• The primary source of the screenshots is not Cybel Inc. The source is a TOR Website where (presumably) "REvil" is publishing notices to companies that don't pay their ransom, the Cactus Group is one of them. 
• There are more screenshots and details that journalists would discover if they would track down the source website.  In particular, a few datasets that beg the question of why they were highlighted in the first place.

More general information on "Revil/Sodinokibi" :

• Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
• https://www.kpn.com/security-blogs/tracking-revil.htm