
REvil Ransomware Group Goes Dark After Tor Site Hijacked – TechCrunch

REvil, the Russia-linked ransomware gang notorious for its attacks on Kaseya, Travelex and JBS earlier this year, has allegedly had its Tor payment portal and data leak blog hijacked.

The shutdown comes weeks after the group resurfaced following a month's hiatus. The group had gone quiet after drawing heat from the US government over the Kaseya attack, which resulted in thousands of companies being infected with ransomware. News of the shutdown was first claimed in a post on a known crime forum by a threat actor believed to be linked to REvil's operations, and was first spotted by Recorded Future's Dmitry Smilyanets.

According to the attacker's post, the group's Tor service was hijacked, probably using a copy of the group's private key taken from an earlier backup. "The server was compromised and they were looking for me," the post reads. "To be precise, they deleted the path to my hidden service in the torrc file [used for configuring the Tor service] and raised their own so that I would go there. I checked other people; this wasn't the case. Good luck everyone, I'm off."
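As an added illustration (not code from the TechCrunch article): a v3 onion address is derived entirely from the hidden service's ed25519 public key, which is why a copy of the key directory from a backup is enough to bring the same address up on another host, and why a defender auditing a hidden service should treat the key files in HiddenServiceDir as the identity itself. The script assumes the standard hs_ed25519_public_key file layout (32-byte header followed by the raw 32-byte key) and uses a constructed sample key, not a real service key.

```python
import base64
import hashlib

# hs_ed25519_public_key in a HiddenServiceDir: 32-byte header + 32-byte raw key.
PUBKEY_FILE_HEADER = b"== ed25519v1-public: type0 ==" + b"\x00" * 3
ONION_VERSION = b"\x03"  # v3 onion services


def onion_address_from_pubkey(pubkey: bytes) -> str:
    """Derive the .onion address: base32(PUBKEY | CHECKSUM | VERSION)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]
    raw = pubkey + checksum + ONION_VERSION  # 35 bytes -> 56 base32 chars, no padding
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def onion_address_from_keyfile(data: bytes) -> str:
    """Parse the on-disk public key file and derive the address it serves."""
    if len(data) != 64 or data[:32] != PUBKEY_FILE_HEADER:
        raise ValueError("not a hs_ed25519_public_key file")
    return onion_address_from_pubkey(data[32:])


def verify_onion_address(address: str) -> bool:
    """Check that an address is a well-formed v3 address with a valid checksum."""
    if not address.endswith(".onion") or len(address) != 62:
        return False
    try:
        raw = base64.b32decode(address[:-6].upper())
    except Exception:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        return False
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return checksum == expected


# Constructed sample key material (hypothetical, not a real service key).
SAMPLE_PUBKEY = hashlib.sha256(b"constructed sample hidden service key").digest()
SAMPLE_KEYFILE = PUBKEY_FILE_HEADER + SAMPLE_PUBKEY

if __name__ == "__main__":
    addr = onion_address_from_keyfile(SAMPLE_KEYFILE)
    print(addr, verify_onion_address(addr))
```

Two hosts holding the same key file will compute, and be able to serve, the identical address, so key material on backups deserves the same handling as a production secret.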

REvil's Tor site as it appeared after being apparently hijacked. (Image: TechCrunch)

At the time of writing, it's not clear who compromised REvil's server. The Washington Post reported in September that the FBI had obtained the encryption key for the companies hit by the July Kaseya attack, but that authorities did not carry out a planned takedown after the group disappeared. Others point to the possibility of a takeover by a former group member known as "Unkn" or Unknown, a longtime spokesperson for the group, who did not return when the other members reappeared in September.

"We didn't know the reason for his disappearance, so we thought he was dead and resumed work," the threat actor explained in their forum post. "But today, from 12:00 to 17:10 Moscow time, someone brought up the hidden services of the landing page and the blog with the same key as ours. My fears were well founded."

VX-Underground, a website that hosts malware source code, samples and papers, tweeted that only Unknown and the threat actor behind the forum post held the REvil domain key, and that the ransomware group's domain was recently accessed using Unknown's key.

According to McAfee, REvil was associated with most ransomware detections in the second quarter of this year, and it is still unclear whether the group is completely gone. However, since its sudden reappearance in September, the group has struggled to recruit affiliates and has increased affiliate fees to entice new threat actors.



Source: https://techcrunch.com/2021/10/18/revil-ransomware-group-goes-dark-after-its-tor-sites-were-hijacked/
