The operators of REvil ransomware are now claiming that the group has stopped its activities. The group had reappeared a few weeks after closing shop in July 2021, which makes researchers skeptical about the latest shutdown.
REvil ransomware group
According to ZDNet, cybercriminals claiming to be part of the infamous ransomware group REvil have alleged that the gang is closing shop. The claim came after the group lost control of its vital infrastructure and reportedly had internal disputes.
Dmitry Smilyanets, a security expert with Recorded Future, shared on Twitter news that comes from "0_neday", a well-known REvil operator. The expert discussed what happened on the cybercriminal forum called XSS. He reportedly alleged that someone had taken control of the group's own Tor payment gateway as well as its data leak website.
0_neday to ‘Unknown’
In the messages, 0_neday noted that he and "Unknown", a particularly senior member of the group, were the only two members of the gang who held REvil's domain keys. "Unknown" is said to have disappeared in July 2021, which led other members of the group to assume that he had died.
The group resumed operations in September 2021, but 0_neday wrote that the REvil domain had since been accessed with the keys belonging to "Unknown". In another message, 0_neday said that the server had been compromised and that the user was being searched for.
0_neday's hidden service in the torrc file
To be precise, they even deleted the path to 0_neday's hidden service in the torrc file and created their own so that he would go there. 0_neday wrote that he had checked the others and "that wasn't" the case, then wished everyone good luck with the statement "I am free".
REvil originally closed shop in July 2021, following the devastating attack on Kaseya that infected hundreds of organizations around the world and caused untold damage. The group is reportedly one of the most prolific ransomware gangs currently operating, and it has attacked hundreds of important companies and organizations in the past few years.
Scrutiny from law enforcement agencies
However, the group attracted immense law enforcement scrutiny after the July 4, 2021 attack on Kaseya and ended its operation on July 13, 2021. The group then returned in September 2021 and has continued to attack dozens of different companies over the past few weeks.
The recording notes that the shutdown actually took place on July 13, 2021 because “Unknown” allegedly stole the group’s money and shut down their servers. This made it difficult for the remaining members to pay their partners.
This article is owned by Tech Times
Posted by Urian B.
Ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.