REvil is back - and wants to rebuild its reputation
REvil is supposedly clearing its dues in its efforts to re-engage with old affiliates
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
An alleged representative of the notorious REvilransomwaregang has started engaging with members on the Russian-language Exploit cybercrime forum, sharing details about the group’s apparent re-emergence.
After being offline for a majority of two months, several of the dark-web servers belonging to REvilcame back onlinerecently.
REvil went offline after orchestrating theKaseya attacksback in July, following which its properties on both the dark-web and normal webwent offline. The disappearance led to speculation that the group could have been hit by law enforcement agencies, especially since the emergence of a universal decryptor key to help all victims unlock their machines.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
Click here to start the survey in a new window«
However, the purported representative now claims the release of the universal key was an accident, which when discovered was forwarded to law enforcement agencies.
“One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine,” wrote REvil’s new representative in theRussian-post translatedby security researchers at Flashpoint.
Mending bridges?
Surprisingly though, the representative didn’t offer any explanation on the disappearance of the group. However, the post didn’t mention that the group was able to restore their operations from backup, which perhaps means that it was targeted in some kind of an offensive operation by the good guys.
In any case, after being in the dark for several weeks, the group has started to restore its online properties. While thecybersecuritycommunity is still skeptical of the group’s return, Flashpoint has seen at least one instance of the group trying to rebuild their reputation with former collaborators, who weren’t pleased with REvil’s sudden disappearance.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
According to Flashpoint, a threat actor on the forum, opened an arbitration case against the REvil spokesperson for unpaid dues from an earlier operation, but soon marked it as resolved, which perhaps indicates that REvil has cleared its dues.
If there’s merit in REvil’s efforts to rebuild ties with old affiliates, it would nicely tie into the narrative of security vendor Exabeam’s chief security strategist, Steve Moore, who told us last week that the group took the downtime to regroup, and is all set to resume operations, with gusto.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Don’t search for information on cats at work — you could be at risk of being hacked
This dangerous new malware is hitting Windows devices by hiding in games
Singapore Criterium live stream 2024: How to watch FREE UCI cycling online
