Dark web servers of 'REvil', the hacker group that mysteriously disappeared, suddenly come back online



After a large-scale ransomware attack targeting the IT management service 'Kaseya' in July 2021, the cybercriminal organization 'REvil' suddenly disappeared from the dark web and showed no noticeable activity, but it has now been found that its website is back online. It is not known at the time of writing whether this means REvil has resumed operations or whether law enforcement agencies brought the site online for investigation or seizure.

REvil ransomware's servers mysteriously come back online
https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/

REvil ransomware group returns following Kaseya attack - The Record by Recorded Future
https://therecord.media/revil-ransomware-group-returns-following-kaseya-attack/

Russia-based REvil is a cybercriminal organization known for launching large-scale ransomware attacks on global meat giant JBS and Taiwanese PC maker Acer. Most recently, in July 2021, a supply chain attack was launched against Kaseya, an IT management service, causing enormous damage to multiple managed service providers and their customers.

Large-scale ransomware attack targeting IT management service 'Kaseya' has indirect impact on many companies - GIGAZINE



REvil had been launching cyber attacks on global companies, including Japanese companies, one after another, but on July 13 both its leak site, called 'Happy Blog', and its ransom payment site, which were published on Tor, were suddenly shut down. The reason for the closure is unknown, and it has been suggested that the group may have 'disappeared because it attracted too much attention' or that it was 'simply a technical problem.'

The website of a Russian hacker group targeting infrastructure mysteriously disappears - GIGAZINE



IT news site Bleeping Computer and security company Recorded Future reported on September 7 that Happy Blog was back online. The leaked information posted on the blog is unchanged from when the site was closed on July 13, and nothing new has been added.



The payment site that REvil used to receive ransoms is also back online, but it is not possible to log in.



According to Recorded Future, there are no reports of security researchers discovering a new REvil attack at the time of writing. 'At this point, it's unclear if REvil is back, the server was accidentally turned on, or it's due to law enforcement,' Bleeping Computer said.

in Security, Posted by log1l_ks