13 September 2021

REvil ransomware gang resumes operations

After a few months of silence, the notorious ransomware operation known as REvil or Sodinokibi has returned and is once again attacking new victims.

The first signs of the group’s activity were spotted last week, when the REvil ransomware gang’s servers came back online after nearly two months of shutdown. The group went dark following its large-scale July ransomware attack against the US-based software company Kaseya, which impacted 60 MSPs and over 1,500 businesses. The hackers exploited a zero-day vulnerability (CVE-2021-30116) in the Kaseya VSA remote management platform to deploy ransomware to hundreds of IT management companies running Kaseya’s software.

The REvil ransomware gang then demanded $50 million for a universal decryptor for all Kaseya victims; however, the company later announced that it had received the decryptor from a “trusted third party”.

The ransomware attack caught the attention of the media and law enforcement authorities, which increased pressure on the group. On July 13, REvil shut down its infrastructure and went silent.

However, on September 7, REvil’s dark web leak site, also known as the Happy Blog, as well as the group’s Tor payment/negotiation portal, came back online. Two days later, on September 9, a new REvil malware sample was uploaded to VirusTotal.

According to the group’s new representative, who goes by ‘REvil’ online, the gang temporarily shut down its operations after its previous representative, known as ‘Unknown’, disappeared, prompting concerns that he had been arrested and that the servers had been compromised.
