The REvil ransomware gang has disappeared again. This time the group appears to have shut down its operations after both its Tor payment portal and its data leak site were hijacked by an unknown party.

(Photo : by NICOLAS ASFOURI/AFP via Getty Images)
This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, the Red Hacker Alliance -- one of China's most well-known patriotic "hacktivist" groups -- maintain battle in the country's nationalistic online war.

According to Bleeping Computer, the identity of whoever broke into REvil's infrastructure is not yet known. What is clear for now is that the gang's Tor payment site is down.

REvil Ransomware Gang Disappears Again

On July 13, the notorious Russia-linked ransomware group suddenly went offline, according to a BBC report.

REvil vanished shortly after its massive attack on the IT management firm Kaseya, which disrupted the operations of more than a thousand businesses across the globe.

The BBC further noted that the sudden shutdown came amid heightened tension between the United States and Russia over the damage caused by cyberattacks.

REvil Ransomware Gang Hacked

Now REvil is shutting down for the second time, most likely as a result of the latest intrusion into the criminal group's infrastructure.

A threat actor claiming to be affiliated with REvil disclosed the hijacking on the XSS hacking forum; Dmitry Smilyanets, a threat intelligence analyst at Recorded Future, shared the post on Twitter.

Smilyanets' screenshot of the forum post shows the claim that the private keys for REvil's payment site had been compromised. That matters because a Tor hidden service's .onion address is derived from its key: whoever holds the private key can stand up a replacement service that answers at the same address, so the site can be impersonated rather than merely knocked offline.

The threat actor, who posts under the username 0_neday, initially said on the forum that there were no visible signs that the servers themselves had been breached, but that the group had nonetheless decided to shut down its operations.

0_neday later posted another update on the forum confirming that the servers had been compromised by an unknown attacker.

Bleeping Computer further noted in the same report that some researchers suspect the FBI and other law enforcement agencies had already gained access to REvil's servers after the gang's first disappearance in July.

REvil's Comeback

Although REvil resurfaced in September, roughly two months after its July disappearance, by restoring its infrastructure from backups, the gang has reportedly been struggling to recruit new members.

In addition, on Sept. 23, accusations surfaced across underground forums that REvil had been cheating its affiliates out of their share of ransom payments.

Some of REvil's affiliates alleged that the gang's operators used a backdoor in the ransomware to take over negotiations with victims behind the affiliates' backs and keep the entire ransom for themselves.

Under the ransomware-as-a-service model, the affiliates who carry out the actual intrusions normally receive the majority of each ransom, around 70%, with the operators keeping the remainder.

And now REvil appears to be facing yet another disruption to its operations.

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.