Written by: Larry Cashdollar, Akamai Security Intelligence Response Team Executive Summary \r\n \r\n Akamai researchers have been monitoring a distributed denial of service (DDoS) campaign against one of Akamai’s customers claiming to be associated with the infamous ransomware-as-a-service (RaaS) group, REvil. \r\n \r\n The attacks so far target a site by sending a wave of HTTP/2 GET requests with some cache-busting techniques to overwhelm the website. \r\n \r\n The requests contain embedded demands for payment, a bitcoin (BTC) wallet, and business/political demands. \r\n \r\n The attempts seem smaller than previous similar campaigns that claim to be launched by REvil and seem to have a political purpose associated with the extortion attempt, which is something we haven’t previously observed. \r\n \r\n The BTC wallet currently has no history and is not tied to any previously known BTC wallets used by REvil.…