Russia’s REvil Ransomware halts operation as their TOR sites were compromised

November 4, 2021

The REvil ransomware group, Russia's most notorious cybercriminal gang, known for its extortion campaigns, has shut down again after an unidentified individual hijacked its data leak blog and its Tor payment portal.

The Tor sites went offline recently. A threat actor associated with the REvil group announced on the XSS hacking forum that somebody had tampered with the ransomware group's domains.

The matter was first reported by a person who said that an unknown party had hijacked the Tor hidden services using the same private keys as REvil's Tor sites, and therefore had backups of the sites.


However, the group stated that it had found no signs that its servers were hacked, but that it would still likely shut down its operation.


The threat actor then told an acquaintance to contact him over Tox for campaign decryption keys, so that the acquaintance could continue extorting their targets and provide a decryptor once a ransom is paid.

Later, after initially denying the hijacking, the threat actors posted again on the hacking forum that their server had been fully compromised and confirmed that whoever did it was targeting the cybercriminal group specifically.

The identity of whoever compromised their servers is still unknown.


What is the effect of this hijacking on REvil’s operations? 

Because cyber authorities and law enforcement had previously obtained the REvil decryption key and released a free decryptor, some ransomware groups believe that the FBI or other cybersecurity firms have had access to the servers since REvil's relaunch.

It is also possible that the cybercriminal group itself is trying to regain access to and control of the operation.

Regardless, Russia's REvil will stop operating for good, since the group is missing critical components for its operations and has been struggling to recruit new users.

Previously, after the group carried out a massive attack on companies through a zero-day vulnerability, the REvil operation suddenly stopped operating: its spokesperson disappeared, leaving the group in a dormant state.

Because of this latest hijacking incident, REvil's operation in its current form will be permanently disbanded.

Unfortunately, this is unlikely to be the end of the cybercriminal group, since there is a high possibility that it will rebrand as a new operation soon.
