Home>Blog>The Hacker News Headlines>REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised
The Hacker News Headlines

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

REvil, the notorious ransomware gang behind a string of
cyberattacks in recent years, appears to have gone off the radar
once again, a little over a month after the cybercrime group staged
a surprise return following a two-month-long hiatus.

The development, first spotted[1]
by Recorded Future’s Dmitry Smilyanets[2], comes after a member
affiliated with the REvil operation posted on the XSS hacking forum
that unidentified actors had taken control of the gang’s Tor
payment portal and data leak website.

Automatic GitHub Backups

“The server was compromised and they were looking for me. To be
precise, they deleted the path to my hidden service in the torrc file[3]
and raised their own so that I would (sic) go there. I checked on
others – this was not. Good luck everyone, I’m off,” user 0_neday
said in the post.

As of writing, it isn’t clear exactly who was behind the
compromise of REvil’s servers, although it wouldn’t be entirely
surprising if law enforcement agencies played a role in bringing
down the domains.

The Russia-linked ransomware group attracted major scrutiny
following its attacks on JBS[4]
and Kaseya[5]
earlier this year, prompting it to take its darknet sites offline[6] in July 2021. But on
September 9, 2021, REvil made an unexpected return[7], resurfacing both its
data leak site as well as payment and negotiation portals back
online.

Last month, the Washington Post reported[8]
that the U.S. Federal Bureau of Investigation (FBI) held back from
sharing the decryptor with the victims of Kaseya ransomware attack
for nearly three weeks, which it obtained from accessing the
group’s servers, as part of a plan to disrupt the gang’s malicious
activities. “The planned takedown never occurred because in
mid-July REvil’s platform went offline — without U.S. government
intervention — and the hackers disappeared before the FBI had a
chance to execute its plan,” the report added.

Prevent Data Breaches

A universal decryptor[9]
was eventually shared by Romanian cybersecurity firm Bitdefender in
late July after obtaining the key from a “law enforcement
partner.”

While it’s not uncommon for ransomware groups to evolve,
splinter, or reorganize under new names, the criminal field has
increasingly come under the lens for striking critical
infrastructure, even as more cybercriminals are recognizing the
profitability of ransomware[10], in part bolstered by
the unregulated cryptocurrency landscape, thus enabling threat
actors to extort victims for digital payments with impunity.

References

  1. ^
    spotted
    (twitter.com)
  2. ^
    Dmitry
    Smilyanets     (twitter.com)
  3. ^
    torrc
    file     (support.torproject.org)
  4. ^
    JBS
    (thehackernews.com)
  5. ^
    Kaseya
    (thehackernews.com)
  6. ^
    take its
    darknet sites offline     (thehackernews.com)
  7. ^
    unexpected return
    (thehackernews.com)
  8. ^
    reported
    (www.washingtonpost.com)
  9. ^
    universal decryptor
    (thehackernews.com)
  10. ^
    profitability of ransomware
    (thehackernews.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.