Ransomware

REvil ransomware gang’s web sites mysteriously shut down

0

The infrastructure and websites for the REvil ransomware operation have mysteriously disappeared from the dark web, speculating that the criminal enterprise may have been taken down.

The REvil ransomware operation, aka Sodinokibi, operates through numerous clear web and dark web sites used as ransom negotiation sites, ransomware data leak sites, and backend infrastructure.

The sites maintained by the group displays an error message “Onionsite not found”. The Tor Project’s Al Smith said that the onion site might be offline or disabled. To know for sure, one has to contact the onion site administrator.

REvil sites used to lose connectivity for some time, but it is unusual for all sites to shut down simultaneously.

Furthermore, the decoder[.]re clear website is no longer resolvable by DNS queries, possibly indicating the DNS records for the domain have been pulled or that backend DNS infrastructure has been shut down.

The group’s Tor network infrastructure on the dark web consists of one data leak blog site and 22 data hosting sites.

The LockBit ransomware representative posted to the XSS Russian-speaking hacking forum that it is rumored the REvil gang erased their servers after learning of a government subpoena.

REvil server infrastructure received a government legal request forcing REvil to completely erase server infrastructure and disappear. However, it is not confirmed.

The XSS admin banned REvil’s ‘Unknown,’ the public-facing representative of the ransomware gang, from the forum.

On July 2nd, the REvil ransomware gang encrypted approximately 60 managed service providers (MSPs) and over 1,500 individual businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

REvil initially demanded $70 million for a universal decryptor for all victims but then dropped the price to $50 million.

Since then, the ransomware group has been under increased scrutiny by law enforcement.

Now, it is not sure whether REvil’s shut down of servers is for technical reasons, if the gang shut down their operation, or if a Russian or USA law enforcement operation took place.

Image Credits : Tech Viral

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Greek national charged for selling Insider trading tips in the Dark Web

    Previous article

    Israeli company Candiru used Windows zero-days to deploy spyware

    Next article

    You may also like

    More in Ransomware

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *