Happy Blog, a darknet portal belonging to the ransomware group REvil that was shut down in July this year, is back online.
The group turned off its web infrastructure after a massive attack on the American company Kaseya, which affected thousands of enterprises in several countries around the world. There was then speculation that the group had disintegrated and was preparing to launch an extortion campaign under a new name in order to throw American law enforcement agencies and information security companies off its trail.
However, on September 7, the Happy Blog site, where the group publishes lists of victims who refused to pay the ransom, came back online. At the moment, the site lists the same organizations as before the server shutdown in July. REvil's payment portal has also “come to life” at the old .onion address.
Cybersecurity experts have not identified new versions of the REvil program, and it is also unclear whether the group has carried out new attacks.