REvil ransomware's servers mysteriously come back online
2021-09-07 18:19

The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence.

On July 2nd, the REvil ransomware gang, aka Sodinokibi, used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers and over 1,500 of their business customers.

The REvil ransomware gang then disappeared, and all of its Tor servers and infrastructure were shut down.

Today, both the Tor payment/negotiation site and REvil's Tor 'Happy Blog' data leak site suddenly came back online.

The most recent victim on the REvil data leak site was added on July 8th, 2021, just five days before REvil's mysterious disappearance.

It is unclear at this time whether the ransomware gang is back in operation, the servers were turned back on by mistake, or their return is due to the actions of law enforcement.


News URL

https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/