
REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key
2021-09-13 18:59

The REvil ransomware gang's tentacles shot out yet again last week, with its servers back online, a fresh victim listed on its site, ransomware payments back up and flowing, and an explanation of why it took a two-month hiatus.

As has been reported, REvil posted twice on the Exploit underground forum on Friday, Sept. 10, to clarify what happened during that Kaseya-related key generation process and how a coder fat-fingered the generation and leaking of the universal key.

REvil's alleged new rep, operating under the alias "REvil," explained that the criminal organization's encryption process allows for generation of either a universal decryptor key or individual keys for each of a victim's encrypted machines.

REvil Back Up

The screenshot below, captured by Flashpoint, depicts REvil's new registration on Exploit.

Two days earlier, on Tuesday, Sept. 7, REvil's leak site - known as Happy Blog - was back up, and it's now "fully operational," according to Flashpoint: "For all intents and purposes, it appears that REvil is fully operational after its hiatus," Flashpoint researchers wrote.

On Saturday, the gang published screenshots of stolen data for the new victim on its data leak site as further proof that REvil is back in action.


News URL

https://threatpost.com/revil-back-coder-decryptor-key/169403/