REvil ransomware gang goes dark after its Tor sites are hacked

In July 2021 the REvil ransomware group vanished due to mounting US pressure after the Kaseya attack. However, the group was back in September 2021 by carrying out extortion-based DDoS attack on ITSPs in the UK and Canada/America.

The infamous REvil ransomware group has suddenly announced to end its activities. The group, which gained prominence over cyberspace with high-profile ransomware attacks against Kaseya, JBS, and Travelex this year, has reportedly decided to go underground after its Tor payment portal and data leak blog were hijacked.

The news of REvil’s shutdown was posted on a well-known criminal forum run by a threat actor “0_neday” suspected to be associated with the gang and was first reported by Dmitry Smilyanets from Recorded Future.

It is worth noting that in July 2021, the REvil ransomware group vanished due to mounting US pressure after the Kaseya attack. However, the group was back in September 2021 by carrying out extortion-based DDoS attack on ITSPs in the UK and Canada/America.

REvil Announces Shutdown

The post where the group announced the closure of its activities revealed that REvil gang’s Tor services were allegedly hijacked and whoever hacked it replaced the services with a copy of the gang’s private keys, which

Read More: https://www.hackread.com/revil-ransomware-gang-offline-tor-sites-hacked/