The REvil ransomware gang is disappearing again. This time, however, the criminal group has likely ceased operations because both its payment gateway and its data leak site were hijacked by an unknown party.
According to Bleeping Computer, the identity of whoever infiltrated REvil's operating platforms is not yet known. For the time being, what is clear is that the gang's payment gateway site is currently down.
REvil ransomware gang disappears again
On July 13, the infamous Russia-linked ransomware group suddenly disappeared, according to a BBC report.
REvil vanished shortly after its massive supply-chain attack on the IT management vendor Kaseya, which disrupted the operations of thousands of companies around the world.
The BBC added that the sudden shutdown came amid heightened tension between the United States and Russia over the fallout from such cyberattacks.
REvil ransomware gang hacked
Now REvil is going out of business for the second time, and this time the cause appears to be a hack of the criminal group's own infrastructure.
A threat actor who claims to be affiliated with REvil disclosed the hijacking on the XSS hacking forum, and the post was shared on Twitter by Dmitry Smilyanets, a threat intelligence analyst at Recorded Future.
The screenshot of the forum post that Smilyanets shared on his Twitter account shows the actor claiming that the private keys for REvil's payment platform had been compromised.
(Source: Dmitry Smilyanets, @ddd1ms on Twitter, October 17, 2021)
The threat actor, posting under the username 0_neday, first wrote on the forum that there was no visible evidence that the gang's servers had been compromised, but that the group had nonetheless decided to cease operations.
0_neday later posted a further update on the forum confirming that the servers had indeed been compromised by an unknown hacker.
Bleeping Computer further noted in the same report that some researchers suspect the FBI and other law enforcement agencies gained access to REvil's servers after the group's first disappearance in July.
Although REvil resurfaced from its backups months after it disappeared in July, the ransomware gang reportedly struggled to recruit affiliates.
In addition, on September 23, underground forums filled with allegations that REvil had been defrauding its affiliates in order to keep entire ransom payments for itself.
Some of REvil's affiliates alleged that the gang used a backdoor channel to hijack their ransom negotiations with victims, so that the operators could pocket the full amount.
It should be noted that the bulk of any ransom payment, about 70%, normally goes to the affiliates who do the actual intrusion work.
And now it looks as though REvil's operations have hit yet another wall.
This article is owned by Tech Times
Written by Teejay Boris
© 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.