REvil, the notorious ransomware gang behind a string of recent cyberattacks, appears to have gone dark once again, a little over a month after the cybercrime group staged a surprise return following a two-month hiatus.
The development, first spotted by Recorded Future's Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking forum that unidentified actors had taken control of the gang's Tor payment portal and data leak site.
"The server was compromised and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and raised their own so that I'd (sic) go there. I checked on others – this was not. Good luck everyone, I'm off," user 0_neday said in the post.
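The post describes a specific tampering pattern: the operator's `HiddenServiceDir` entry was removed from `torrc` and replaced with one the intruder controlled, so Tor kept serving on the expected ports but published a different onion service. The following Python script is an added illustration, not part of the original report or anything 0_neday posted, of the kind of integrity check that would catch that change: it parses a `torrc`, groups `HiddenServiceDir`/`HiddenServicePort` directives into services the way Tor associates them, and diffs the result against an expected baseline. The directory paths, port mappings and the sample `torrc` contents are constructed for the example.

```python
"""Detect tampering with Tor hidden-service directives in a torrc file.

Added example, not from the article. Tor binds each HiddenServicePort
line to the most recent HiddenServiceDir above it, so the parser keeps
that association and then compares the parsed services with a baseline.
All paths, ports and file contents below are constructed samples.
"""
from typing import Dict, List, Tuple

# Constructed baseline: what the operator believes torrc should contain.
EXPECTED_SERVICES: Dict[str, List[str]] = {
    "/var/lib/tor/portal": ["80 127.0.0.1:8080"],
}

# Constructed sample torrc after a hypothetical hijack: the original
# HiddenServiceDir line has been commented out and an unknown one added,
# while the port mapping is left untouched so the site keeps "working".
TAMPERED_TORRC = """\
SocksPort 9050
Log notice file /var/log/tor/notices.log
# HiddenServiceDir /var/lib/tor/portal
HiddenServiceDir /var/lib/tor/intruder
HiddenServicePort 80 127.0.0.1:8080
"""

# Constructed clean torrc that matches the baseline.
CLEAN_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/portal
HiddenServicePort 80 127.0.0.1:8080
"""


def parse_hidden_services(torrc_text: str) -> Dict[str, List[str]]:
    """Return {HiddenServiceDir: [HiddenServicePort arguments, ...]}.

    Blank lines and '#' comments are skipped, as Tor skips them; option
    names are matched case-insensitively, as Tor matches them.
    """
    services: Dict[str, List[str]] = {}
    current = None
    for raw in torrc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "hiddenservicedir":
            current = arg
            services.setdefault(current, [])
        elif key == "hiddenserviceport":
            if current is None:
                raise ValueError("HiddenServicePort before any HiddenServiceDir")
            services[current].append(arg)
    return services


def diff_services(
    expected: Dict[str, List[str]], actual: Dict[str, List[str]]
) -> Tuple[List[str], List[str], List[str]]:
    """Return (missing_dirs, unexpected_dirs, dirs_with_changed_ports)."""
    missing = sorted(d for d in expected if d not in actual)
    unexpected = sorted(d for d in actual if d not in expected)
    changed = sorted(
        d for d in expected if d in actual and expected[d] != actual[d]
    )
    return missing, unexpected, changed


def check_torrc(torrc_text: str, expected=EXPECTED_SERVICES) -> dict:
    """Parse a torrc and report every deviation from the expected services."""
    actual = parse_hidden_services(torrc_text)
    missing, unexpected, changed = diff_services(expected, actual)
    return {
        "ok": not (missing or unexpected or changed),
        "missing": missing,
        "unexpected": unexpected,
        "changed": changed,
    }


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_TORRC), ("tampered", TAMPERED_TORRC)):
        print(label, check_torrc(text))
```

In a real deployment the baseline would live outside the Tor host (or at least outside the attacker's reach), the check would run from a cron job or a file-integrity monitor, and it would also compare the `hostname` file in each `HiddenServiceDir` against the onion address the operator published, since a swapped directory with an identical port mapping is exactly what the quoted post describes.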
As of writing, it is not clear who was behind the compromise of REvil's servers, although it would not be entirely surprising if law enforcement agencies played a role in taking down the domains.
The Russia-linked ransomware group drew major scrutiny following its attacks on JBS and Kaseya earlier this year, prompting it to take its darknet sites offline in July 2021. But on September 9, 2021, REvil made an unexpected return, bringing both its data leak site and its payment and negotiation portals back online.
Last month, the Washington Post reported that the U.S. Federal Bureau of Investigation (FBI) held back for nearly three weeks from sharing a decryptor with victims of the Kaseya ransomware attack, a key it had obtained by accessing the group's servers, as part of a plan to disrupt the gang's operations. "The planned takedown never occurred because in mid-July REvil's platform went offline — without U.S. government intervention — and the hackers disappeared before the FBI had a chance to execute its plan," the report added.
A universal decryptor was eventually released by Romanian cybersecurity firm Bitdefender in late July after it obtained the digital key from a "law enforcement partner."
While it is not unusual for ransomware groups to evolve, splinter, or reorganize under new names, the criminal ecosystem has come under increasing scrutiny for striking critical infrastructure, even as more cybercriminals recognize the profitability of ransomware, partly enabled by an unregulated cryptocurrency landscape that lets threat actors extort victims for digital payments with impunity.