REvil Ransomwareโ€™s Tor Sites Were Hijacked

REvil/Sodinokibi is highly evasive and upgraded ransomware, which uses a special social engineering move, as the ones who spread it will threaten to double the ransom if not paid within a certain number of days, as thoroughly explained by Elena.

REvil ransomware is dangerous for companies of all sizes as it became the 4th most distributed ransomware in the world, targeting mostly American and European companies.

What Happened?

REvil ransomware appears to have been taken down once more after an unknown individual allegedly took over their Tor payment gateway and data leak blog.

Source

The Tor sites were knocked down earlier today after a malicious attacker linked to the REvil operation claimed on the XSS hacking forum that the groupโ€™s domains had been hacked.

RIP ๐Ÿชฆ #REvil pic.twitter.com/LJKnJI9YtW

โ€” ๐•ฏ๐–’๐–Ž๐–™๐–—๐–ž ๐•พ๐–’๐–Ž๐–‘๐–ž๐–†๐–“๐–Š๐–™๐–˜ (@ddd1ms) October 17, 2021

Dmitry Smilyanets was the one that initially detected the thread, which claims that an unknown individual hijacked the Tor hidden services (onion domains) using the same private keys as REvilโ€™s Tor sites and presumably owns backups of the sites.

But since we have today at 17.10 from 12:00 Moscow time, someone brought up the hidden-services of a landing and a blog with the

Read More: https://heimdalsecurity.com/blog/revil-ransomwares-tor-sites-were-hijacked/