After Tor sites were compromised, the REvil Ransomware gang went underground

REvil, the notorious ransomware gang responsible for a slew of cyberattacks in recent years, appears to have vanished once again, just over a month after the cybercrime group made a surprising comeback following a two-month hiatus.

The discovery was made by Dmitry Smilyanets of Recorded Future after a member of the REvil operation wrote on the XSS hacking forum that unknown actors had taken control of the gang’s Tor payment gateway and data leak website.

“The server was compromised and they were looking for me. To be precise, they deleted my service path hidden in the torrc file and lifted theirs for me to go (sic). I checked on the others – it wasn’t. Good luck everyone, I’m leaving,” user 0_neday said in the post.
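The tampering described in that post comes down to one thing: the `HiddenServiceDir` line in `torrc` that points Tor at the operator’s onion keys was removed and replaced with someone else’s. The following check is an added example, not code from the article or from anyone involved; it parses a `torrc`, collects each `HiddenServiceDir` with its `HiddenServicePort` mappings, and diffs the live file against a known-good copy so that a silently swapped hidden service directory is flagged. The sample `torrc` contents and paths are constructed for illustration.

```python
from __future__ import annotations

# Constructed sample torrc content (not taken from the article): an operator's
# known-good configuration, and the same file after the kind of tampering the
# post describes, where the operator's HiddenServiceDir has been replaced.
ORIGINAL_TORRC = """\
SocksPort 9050
# Operator's own onion service
HiddenServiceDir /var/lib/tor/payment_portal/
HiddenServicePort 80 127.0.0.1:8080
"""
TAMPERED_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/attacker_service/
HiddenServicePort 80 127.0.0.1:8080
"""


def hidden_services(torrc_text: str) -> dict[str, list[str]]:
    """Map each HiddenServiceDir to the HiddenServicePort lines that follow it.

    Tor attaches every HiddenServicePort line to the most recent HiddenServiceDir,
    so the parser tracks the current directory while scanning top to bottom."""
    services: dict[str, list[str]] = {}
    current: str | None = None
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == "HiddenServiceDir":
            current = value.strip().rstrip("/")  # normalise trailing slash
            services.setdefault(current, [])
        elif key == "HiddenServicePort" and current is not None:
            services[current].append(value.strip())
    return services


def diff_hidden_services(expected_torrc: str, actual_torrc: str) -> dict[str, list[str]]:
    """Report HiddenServiceDir entries removed from, or added to, the live torrc
    relative to the operator's known-good copy; any non-empty list is an alert."""
    expected = hidden_services(expected_torrc)
    actual = hidden_services(actual_torrc)
    return {
        "removed": sorted(set(expected) - set(actual)),
        "added": sorted(set(actual) - set(expected)),
    }
```

In practice the known-good copy would be kept off the host (or its hash pinned), since an attacker with write access to `torrc` can edit a reference file stored beside it just as easily.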

At the time of this writing, it is unclear who was responsible for hacking REvil’s servers, although it would not be surprising if government law enforcement authorities played a role in taking the domains down.

Following its attacks on JBS and Kaseya earlier this year, the Russian-linked ransomware organization was forced to shut down its darknet domains in July 2021. However, on September 9, 2021, REvil made a surprising comeback, reactivating both its data breach site as well as its payment and trading sites.

The Washington Post revealed last month that the FBI had refrained for nearly three weeks from sharing with victims of the Kaseya ransomware attack a decryptor it had obtained by accessing the group’s servers, as part of a plan to disrupt the gang’s operations. “The planned withdrawal never happened because in mid-July, the REvil platform went offline – without US government intervention – and the hackers disappeared before the FBI had a chance to execute its plan,” the report adds.

After recovering the digital key from a “law enforcement partner,” Romanian cybersecurity company Bitdefender finally shared a universal decryptor at the end of July.

Although it is common for ransomware groups to evolve, split or reorganize under new names, the criminal ecosystem is coming under increasing scrutiny for targeting critical infrastructure, even as more and more cybercriminals recognize the profitability of ransomware, which is facilitated in part by an unregulated cryptocurrency landscape that allows threat actors to extort victims for digital payments with impunity.
