Report shines light on REvil's depressingly simple tactics: Phishing, credential-stuffing RDP servers... the usual