REvil Ransomware's Tor and Payment Sites Compromised

The REvil ransomware group, one of the prominent cybercriminal gangs, has just announced that it is retiring for the second time.

One of the group’s members revealed this after losing control over the ransomware’s critical infrastructure. He went on to explain that accessing the group’s Tor and payment pages requires a private key, which is held only by him and one other admin, who reportedly went underground earlier.

REvil Ransomware Shutdown

Just as clever ransomware groups make hefty sums from lucrative victims, they are also heavily targeted by law enforcement agencies for their crimes. After the Kaseya attack in July this year, the threat actor behind it, the REvil ransomware group, decided to shut down.

While everyone thought it was the end of REvil, the group resumed its operations a couple of months ago and actively hit companies worldwide. Now, one of its members has announced that it is retiring for good.

https://twitter.com/ddd1ms/status/1449865145308651528?s=20

“0_neday”, who claims to be a member of the REvil group, said on the XSS forum recently that he had lost control over the ransomware’s Tor and payment onion sites. This raised speculation that someone else could have hacked the infrastructure, or that the FBI is taking charge with all the intel and resources it has.

Setting these two theories aside, 0_neday said that the private keys for REvil’s domains are held by only two members: himself and “Unknown”, another admin of the ransomware group. Unknown mysteriously disappeared in July, after the Kaseya attack.

In his last words on the forum, 0_neday said, “The server was compromised, and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and raised their own so that I would go there. I checked on others — this was not. Good luck, everyone; I’m off.”
