Home Hacking News The Notorious REvil Ransomware Gang Go Offline

The Notorious REvil Ransomware Gang Go Offline

by Abeerah Hashim
TeamCity RCE flaw exploited for ransomware attacks

After wreaking havoc in the corporate world, the notorious REvil ransomware suddenly went offline. Neither its traces appear on its dark web site, nor has it maintained any representation on cybercrime forums.

REvil Ransomware Went Offline

Reportedly, the infamous REvil ransomware gang has apparently gone offline for unknown reasons. While similar disruptions had happened with REvil sites in the past too, what’s unique this time is the simultaneous closure.

According to Bleeping Computer, the ransomware sites went offline sometime the night before July 13, 2021. The gang’s .onion site displayed the error “This site can’t be reached” upon attempting to visit.

Whereas Vitali Kremez observed that LockBit ransomware hinted about REvil receiving a government subpoena.

Though it remains unconfirmed, another evidence backing the hypothesis of the gang’s departure (or seizure, maybe?) comes from the banning of REvil’s representative by the cybercrime forum XSS.

As Kremez told Bleeping Computer,

As a rule of thumb, the administration of the top forums bans its users when they are suspected of being under the police control.

Has REvil Shut Down?

It isn’t presently clear if REvil has departed for good or is merely facing a temporary outage. However, given the unwarranted attention the ransomware caught after a wobbly Kaseya zero-day exploit, it isn’t unlikely for the threat actors to disappear.

Also, recently, the US had threatened Russian authorities to “take care of” the ransomware gangs operating within, or the Us would handle them.

Although the FBI hasn’t currently commented anything about a potential crackdown of REvil, the authorities might likely have disrupted the technical infrastructure. Recently, the DarkSide gang faced a similar fate in the wake of the Colonial Pipeline incident.

After that, the Avaddon gang shut down its business and released decryption keys in a bid to escape.

However, ruling out a REvil comeback isn’t also feasible for now. Recently, the Babuk ransomware also reappeared after briefly going offline following the DC Police attack. Even the REvil ransomware emerged quickly from roughly the same threat actors who earlier operated Gandcrab.

Hence, it remains unclear if REvil has disappeared for good or has taken a temporary break for now.

You may also like