REvil Ransomware’s Tor Sites Were Hijacked

REvil/Sodinokibi is highly evasive and upgraded ransomware, which uses a special social engineering move, as the ones who spread it will threaten to double the ransom if not paid within a certain number of days, as thoroughly explained by Elena.

REvil ransomware is dangerous for companies of all sizes as it became the 4th most distributed ransomware in the world, targeting mostly American and European companies.

What Happened?

REvil ransomware appears to have been taken down once more after an unknown individual allegedly took over their Tor payment gateway and data leak blog.

Source

The Tor sites were knocked down earlier today after a malicious attacker linked to the REvil operation claimed on the XSS hacking forum that the group’s domains had been hacked.

RIP 🪦 #REvil pic.twitter.com/LJKnJI9YtW

— 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 (@ddd1ms) October 17, 2021

Dmitry Smilyanets was the one that initially detected the thread, which claims that an unknown individual hijacked the Tor hidden services (onion domains) using the same private keys as REvil’s Tor sites and presumably owns backups of the sites.

But since we have today at 17.10 from 12:00 Moscow time, someone brought up the hidden-services of a landing and a blog with the

Read More: https://heimdalsecurity.com/blog/revil-ransomwares-tor-sites-were-hijacked/