REvil Ransomware Gang Goes Underground After Tor Websites Were Compromised

REvil, the infamous ransomware gang behind a string of cyberattacks in recent times, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus.

The development, first spotted by Recorded Future's Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking forum that unidentified actors had taken control of the gang's Tor payment portal and data leak website.


"The server was compromised and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and raised their own so that I would (sic) go there. I checked on others – this was not. Good luck everyone, I'm off," user 0_neday said in the post.

As of writing, it's not clear exactly who was behind the compromise of REvil's servers, although it wouldn't be entirely surprising if law enforcement agencies played a role in bringing down the domains.

The Russia-linked ransomware group attracted major scrutiny following its attacks on JBS and Kaseya earlier this year, prompting it to take its darknet sites offline in July 2021. But on September 9, 2021, REvil made an unexpected return, bringing both its data leak site and its payment and negotiation portals back online.

Last month, the Washington Post reported that the U.S. Federal Bureau of Investigation (FBI) held back from sharing the decryptor with the victims of the Kaseya ransomware attack for nearly three weeks, a key it had obtained by accessing the group's servers, as part of a plan to disrupt the gang's malicious activities. "The planned takedown never occurred because in mid-July REvil's platform went offline — without U.S. government intervention — and the hackers disappeared before the FBI had a chance to execute its plan," the report added.


A universal decryptor was eventually shared by Romanian cybersecurity firm Bitdefender in late July after it obtained the digital key from a "law enforcement partner."

While it isn't uncommon for ransomware groups to evolve, splinter, or reorganize under new names, the criminal field has increasingly come under the lens for striking critical infrastructure, even as more cybercriminals recognize the profitability of ransomware, partly bolstered by the unregulated cryptocurrency landscape, which enables threat actors to extort victims for digital payments with impunity.
