REvil ransomware group darkens after hijacking of its Tor sites – TechCrunch

By Corrine K. Thomas
October 18, 2021


REvil, the notorious Russian-linked ransomware gang responsible for the high-profile cyberattacks on Kaseya, Travelex and JBS earlier this year, has once again disappeared after its Tor payment portal and data breach blog were allegedly hijacked.

The shutdown comes weeks after the group reappeared after a month-long hiatus, during which the group fell silent after facing heat from the U.S. government in response to its attack on Kaseya, which resulted in the infection of thousands of businesses with ransomware. News of the shutdown was first reported in a post on a known criminal forum by a threat actor known to be affiliated with the REvil operation, first discovered by Recorded Future's Dmitry Smilyanets.

The threat actor’s post said the group’s Tor services had been hijacked and replaced with a copy of the group’s private keys, likely from an earlier backup. “The server was compromised and they were looking for me,” the post read. “To be precise, they deleted my service path hidden in the torrc file [used for configuring the Tor service] and raised theirs for me to go. I checked on the others – it wasn’t. Good luck everyone, I’m leaving.”

What REvil’s Tor site looks like (at time of publication) following an apparent hijacking. (Image: TechCrunch)

As of this writing, it is not clear who compromised REvil’s servers. A report from The Washington Post said in September that the FBI had obtained the group’s encryption keys for businesses affected by the Kaseya attack in July, but that the agency’s planned withdrawal never took place after the group’s disappearance. Others are pointing to a possible takeover by a former member of the group, known as “Unkn”, or Unknown, a longtime spokesperson for the group, who did not return when the rest of the group reappeared in September.

“As there was no confirmation of the reason for his loss, we returned to work, believing he was dead,” the threat actor explained in his forum post. “But as we have today at 5:10 p.m. from 12:00 p.m. Moscow time, someone brought up the hidden services of a landing and a blog with the same key as ours, my fears were concerned.”

VX-Underground, a website that hosts malware source code, samples, and documents, tweeted that only Unknown and the threat actor who posted on the forum had REvil’s domain keys and that the ransomware group’s domain was recently accessed using Unknown’s keys.

It remains to be seen whether REvil – linked to the majority of ransomware detections in the second quarter of this year, according to McAfee – is gone for good. But since the group’s surprise reappearance in September, it has struggled to recruit users, prompting the group to increase affiliate commissions to attract new threat actors.


