REvil returns to the scene
After a short period of absence, REvil is back. The Russian hacker group's websites, which victims visit to pay the demanded ransom, are back online. Members of the hacker collective have also recently claimed new victims.
REvil, also better known by security experts as Sodinokibi, is a hacker group that operates from Russia. The Russian security service GRU is said to have close ties with the members and even to order them to attack foreign powers and international companies. This is strongly denied by the Kremlin. What is certain is that REvil has claimed many victims over the years, including meat producer JBS, energy company Invenergy and ICT service provider Kaseya.
In mid-July, REvil was suddenly nowhere to be seen online. Its sites on the dark web and the regular internet were abruptly taken offline. The help desk was also no longer available. Finally, Unknown, the spokesperson for the hacker group, was banned from the XSS hacker forum.
Why REvil disappeared from the face of the earth out of nowhere is still a mystery. One theory is that the supply chain attack on Kaseya caught the attention of law enforcement agencies worldwide, and that the hacker group stopped all operations because things had become too hot. Another holds that US President Biden was responsible for REvil’s disappearance. He promised Russian President Putin that the US would take action against hackers if the Russian government did not take action.
REvil makes a comeback
Had REvil’s hackers finally thrown in the towel? For months no one had the answer to this question. Until recently. REvil is back with a vengeance. Security researcher Brett Callow of antivirus company Emsisoft said last week that the Russian hacker collective had struck again. On September 7, two months after REvil suddenly disappeared, the Tor payment site and the data breach site came back online. A day later, victims were able to log in.
The real proof that the Russian hackers are back came when REvil claimed another victim on Thursday, September 9. Spokesperson Unknown – also known as UNKN – confirmed on a hacker forum that new ransomware attacks have taken place. On a Russian forum, the hacker group denied that law enforcement agencies had put Kaseya’s universal decryptor online. An operator of the group claimed to be responsible for this.
Much to everyone’s surprise, the hackers are using the same name. Such groups often take on a different name or identity to obscure any link to previous attacks. Not REvil: the hacker group has deliberately chosen to continue its activities under its trusted and well-known name.