After Tor sites were compromised, the REvil ransomware gang went underground

REvil, the infamous ransomware gang that was responsible for a number of cyberattacks in recent years, appears to have disappeared again, just over a month after the cybercrime group shockingly returned after a two-month sabbatical.

The discovery was made by Dmitry Smilyanets of Recorded Future when a member of the REvil organization wrote on the XSS hacking forum that anonymous actors have taken control of the gang’s Tor payment gateway and data leak website.

“The server was compromised and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and created their own so that I (sic) would go there. I checked others – it wasn’t. Good luck everyone, I’m gone, “said the user 0_neday in the post.

At this point it is unclear who was responsible for the REvil server hack, although it wouldn’t be shocking if government enforcement agencies played a role in demolishing the domains.

After its attacks on JBS and Kaseya earlier this year, the Russia-affiliated ransomware organization had to shut down its darknet domains in July 2021. However, on September 9, 2021, REvil made a surprising comeback, reactivating both its data leak site and its payment and negotiation pages.

The Washington Post revealed last month that the FBI spent almost three weeks distributing the decryptor to victims of the Kaseya ransomware attack, who obtained it from accessing the group’s servers, as part of a plan to halt the malicious actions of the group Gang withheld. “The planned shutdown never happened because REvil’s platform went offline in mid-July – with no US government intervention – and the hackers disappeared before the FBI had a chance to carry out its plan,” the report added.

After the Romanian cybersecurity company Bitdefender picked up the digital key from a “law enforcement partner”, it finally shared a universal decryptor in late July.

While it is common for ransomware groups to develop, split, or reorganize under new names, the crime arena is increasingly being scrutinized to target critical infrastructures, even as cybercriminals continue to see the profitability of ransomware that is partially backed by the unregulated cryptocurrency landscape that enables threat actors to blackmail victims into digital payments with impunity.

Source link
#Tor #sites #compromised #REvil #ransomware #gang #underground

Leave a Reply