The REvil ransomware gang is disappearing again. But this time around, the criminal group has likely ceased operations as both their payment gateway and data breach site fell victim to hackers.
(Photo: NICOLAS ASFOURI / AFP via Getty Images)
This Aug. 4, 2020 photo shows Prince, a member of the Red Hacker Alliance hacking group who refused to give his real name, using a website that monitors global cyberattacks on his computer at their office in Dongguan, in China’s southern Guangdong province. – From a small, dingy office in an industrial city in southern China, the Red Hacker Alliance – one of China’s best-known patriotic “hacktivist” groups – wages the fight in the country’s nationalist online war.
According to Bleeping Computer, the identity of the person behind the infiltration of REvil’s operating platforms is not yet known. For the time being, it is clear that the criminal gang’s payment gateway site is down.
REvil ransomware gang disappears again
REvil surprisingly vanished into thin air following its massive attack on the IT company known as Kaseya, affecting the operations of thousands of companies around the world.
In addition, the BBC noted that the sudden shutdown came amid heated pressure between the two giant nations, the United States and Russia, over the negative effects of cyberattacks.
REvil ransomware gang hacked
Now REvil is going out of business for the second time, probably because of the recent hacking attacks against the criminal group.
A threat actor who claims to be affiliated with REvil disclosed the hijacking incident on the XSS hacking forum, in a post shared on Twitter by Recorded Future threat intelligence analyst Dmitry Smilyanets.
Smilyanets shared the screenshot of the hacking forum on his Twitter account, which shows that the private keys of REvil’s payment platform have been compromised.
– (@ddd1ms) October 17, 2021
The threat actor with the username 0_neday first said on the hacking forum that there was no visible evidence that their servers had been infiltrated in the incident. However, they decided to cease operations.
Meanwhile, 0_neday posted another update on the forum confirming that the servers were compromised by an unknown hacker.
Bleeping Computer further noted in the same report that some people suspect that the FBI, along with other law enforcement agencies, had access to REvil’s servers after its first disappearance in July.
Although REvil was reborn through its backups months after it disappeared in July, the ransomware gang reportedly struggled to recruit its workforce.
In addition, on September 23, underground forums were filled with allegations that REvil had defrauded its partners in order to steal the entire ransom payment.
Some of REvil’s partner groups revealed that the ransomware gang allegedly hijacked its partners through a backdoor channel in order to keep the full amount of the ransom.
It should be noted that the bulk of the victims’ ransom payment, or about 70%, actually goes to the partners who do the dirty work, such as hacking.
And now it seems that REvil is facing another hiccup in its operations.
This article is owned by Tech Times
Written by Teejay Boris