Ransomware Gang REvil’s Dark Web Servers Turn Back On

The dark web servers used by the ransomware gang REvil for its operations have suddenly turned back on. However, it’s unclear if they are being used by law enforcers or if the ransomware gang is back.

On July 2, using a zero-day flaw in the Kaseya VSA software, the REvil ransomware gang encrypted almost 60 service providers managed by Kaseya VSA remote management software, affecting over 1,500 business customers.

They demanded $5 million from each of the businesses that were encrypted. Along with that, they offered a master decryption key for all Kaseya victims for $70 million. The price was soon dropped to $50 million.

After the ransomware attack, the US law enforcement department pressured Russia to take action against threat actors working out of the country, or else the US would take the matter into its own hands. This made the ransomware gang disappear immediately, and all their servers were shut down.

As a result, the victims could not recover their files. However, the master key was later delivered to the Kaseya victims. It is believed that the gang passed on the master key to the Russian intelligence department, which in turn handed it over to the Kaseya victims through the FBI to protect their relationship with the US.

The most recent victim of REvil was added on July 8, 2021, and five days later the gang’s site went down.

However, REvil’s infrastructure suddenly turned back on on September 8, 2021, and its sites came back online. Their leak site ‘Happy Blog’ seems to be fully functional, whereas their Tor negotiation site is yet to restore its full functionality.

The gang’s http://decoder.re/ is offline at this time.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.
