Security News > 2021 > September > REvil ransomware's servers mysteriously come back online
The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence.
On July 2nd, the REvil ransomware gang, aka Sodinokibi, used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers and over 1,500 of their business customers.
The REvil ransomware gang disappeared, and all of their Tor servers and infrastructure were shut down.
Today, both the Tor payment/negotiation site and REvil's Tor 'Happy Blog' data leak site suddenly came back online.
The most current victim on the REvil data leak site was added on July 8th, 2021, just five days before REvil's mysterious disappearance.
It is unclear at this time whether the ransomware gang is back in operation, the servers have been turned back on by mistake, or it is due to the actions of law enforcement.
News URL
Related news
- FBI disrupts the Dispossessor ransomware operation, seizes servers (source)
- FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)