The operators behind the REvil ransomware group have resurfaced after allegedly closing shop following the widespread attack on Kaseya that claimed thousands of victims on July 4.
Security researchers said all of the dark web sites for the prolific ransomware group — including the payment site, the group’s public site, the ‘helpdesk’ chat and their negotiation portal — went offline on July 13 after the Kaseya attack drew worldwide condemnation and tough threats from US lawmakers.
US President Joe Biden spoke personally with Russian President Vladimir Putin after the attack, and many attributed REvil’s closure to the conversation, in which Biden pressed Putin about ransomware attacks originating from Russian soil.
Despite the conversation, both US authorities and Russian officials denied any involvement in REvil’s disappearance in July.
But dozens of security researchers took to social media on Tuesday to show that the group’s Happy Blog and other sites connected to REvil had resurfaced. Bleeping Computer
The article REvil ransomware group resurfaces after brief hiatus originally appeared on ZDNet.