The REvil group has returned

The ransomware group REvil, which disappeared from sight a few months ago, has returned to activity and is attacking companies again. The first signs of the group's activity appeared last week, when REvil's darknet portal came back online.


REvil entered the ransomware scene in 2019 and became widely known for attacks on a number of large companies, including JBS and Kaseya, from which they demanded multimillion-dollar ransoms to recover encrypted data.


The group turned off its web infrastructure after a massive attack on the American company Kaseya, which affected thousands of enterprises in several countries around the world. The attackers demanded $50 million from the company for a universal decryptor. In late July, Kaseya announced that it had received the decryption key from a "third party".


For almost two months, nothing was heard from the group, but on September 7, REvil's payment site and leak site returned online with the same list of victims, and on September 9, a new version of the REvil ransomware, compiled on September 4, was uploaded to VirusTotal.


According to a message on one of the hacker forums, the group has a new public representative, replacing the REvil administrator who uses the pseudonym Unknown (or UNKN). According to the new spokesman, who goes by the name REvil, the group temporarily ceased operations due to suspicions that Unknown had been arrested and the servers had been compromised. He also said that the universal decryptor obtained by Kaseya simply "leaked" due to an error during key generation, and not as a result of a law enforcement operation, as previously thought.
