Is the REvil ransomware set for a return?

There’s been no official word from REvil yet

After being offline for about two months, several of the dark-web servers belonging to notorious ransomware operator REvil have come back online.

The usually vocal group became uncharacteristically silent after orchestrating the Kaseya attacks back in July, following which its properties on both the dark-web and normal web, including its ransom negotiating portal, the website where it shares exfiltrated data, and a blog it used to boast about its latest exploits, went offline.

The disappearance led to speculation that the group could have been hit by law enforcement agencies, following its extravagant, but bungled Kaseya campaign.

However, BleepingComputer now reports that a couple of REvil’s properties have come back online again.

Back for real?

Reportedly, REvil’s payment/negotiation site and its data leak site on the dark web are both online.

The security community, however, is divided in its interpretation of the move.

While BleepingComputer thinks it could just be the law enforcement agents tinkering with the supposedly seized servers, others believe that REvil’s about to get back to business.

“Revil took time to refit, retool, and take a bit of a holiday over the summer. The fact their sites are back online means they are, again, ready for business and have targets in mind,” security vendor Exabeam’s chief security strategist, Steve Moore tells TechRadar Pro.

In fact, Moore goes as far as to suggest that the ransomware operator has “undoubtedly” already laid their hands on a compromised software supply chain.

“The technique began in espionage and has now been borrowed for criminal activity; this campaign hasn’t started yet – but will very soon,” warns Moore.

Via BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.