
REvil ransomware: "Closes" again after a violation of Tor sites

The REvil ransomware operation has gone offline once again, after someone hijacked its Tor payment portal and data leak blog.



The Tor sites went offline yesterday. A hacker associated with REvil ransomware announced on the XSS hacking forum that someone had hijacked the gang's domains. In effect, the intruder brought up the Tor hidden services (onion domains) using the same private keys as the REvil ransomware gang.

The thread was first detected by Dmitry Smilyanets of Recorded Future. 

The hacker initially reported on the forum that no evidence had been found that the gang's servers had been compromised, but that the operation was shutting down.


The hacker also told his affiliates to contact him via Tox for decryption keys, most likely so they could continue extorting their victims and hand over the decryption tool after the ransom is paid.

To run a Tor hidden service (.onion domain), one must generate a private/public key pair.

The private key should be secure and accessible only to trusted administrators, as anyone with access to this key could use it to start the same .onion service on their own server.

Since someone was able to bring up the REvil ransomware gang's domains themselves, they must have had access to the private keys.



Eventually, the hacker made another post on the hacking forum, but this time he said the server had been compromised.

At this time, we do not know who is behind this breach that resulted in the shutdown of the REvil ransomware gang.

REvil ransomware has probably shut down permanently

After a massive attack on companies through a vulnerability in the Kaseya MSP platform, the REvil ransomware operation suddenly shut down and its public representative disappeared.

Other REvil operators brought the ransomware operation back in September, using backups.

This breach, however, could bring a definitive end to the REvil ransomware business.

Nevertheless, when it comes to ransomware, nothing is certain. The group may soon return under another name.

Source: Bleeping Computer
