REvil ransomware operators are now claiming that the group is ending its activity, again. The group had resurfaced a few weeks after it closed shop in July 2021, which leaves researchers skeptical about its latest shutdown.
REvil Ransomware Group
According to ZDNet, cybercriminals claiming to be part of the notorious REvil ransomware group have said that the gang is closing shop. This comes after the group lost control of its vital infrastructure and reportedly suffered internal disputes.
Dmitry Smilyanets, a security expert at Recorded Future, shared on Twitter messages posted by "0_neday," a known REvil operator, on the cybercriminal forum XSS. In those messages, 0_neday claimed that someone had taken control of the group's own Tor payment portal and its data leak website.
0_neday on 'Unknown'
In the messages, 0_neday noted that he and "Unknown," a leading representative of the group, were the only two members of the gang who held REvil's domain keys. "Unknown" disappeared in July 2021, which led other members of the group to assume that he had died.
The group resumed its operations in September 2021, but 0_neday wrote that the REvil domain had since been accessed using the keys of "Unknown." In another message, 0_neday noted that the server had been compromised and that they were looking for the user responsible.
0_neday's Hidden Service in the Torrc File
To be precise, the intruder deleted the path to 0_neday's hidden service in the torrc file (the Tor configuration file that declares which hidden services a node serves) and raised their own in its place so that visitors would be routed there. 0_neday noted that he had checked on the others and that "this was not" them, then wished everyone good luck and signed off with "I'm off."
REvil originally closed shop in July 2021, after the devastating attack on Kaseya that infected hundreds of organizations around the world and caused untold damage. The group is reportedly one of the most prolific ransomware gangs currently operating, having attacked hundreds of vital companies and organizations over the last few years.
Law Enforcement Scrutiny
The group attracted immense law enforcement scrutiny after the July 4, 2021 attack on Kaseya and ended its operations on July 13, 2021. It returned in September 2021 and went on to attack dozens of different companies over the following weeks.
The Record notes that the July 13, 2021 shutdown happened because "Unknown" allegedly stole the group's money and shut down its servers, which made it hard for the remaining members to pay affiliates.
This article is owned by Tech Times
Written by Urian B.