Security News > 2021 > October > REvil ransomware shuts down again after Tor sites were hijacked
The REvil ransomware operation has likely shut down once again after an unknown person hijacked their Tor payment portal and data leak blog.
The Tor sites went offline earlier today, with a threat actor affiliated with the REvil operation posting to the XSS hacking forum that someone hijacked the gang's domains.
The thread was first discovered by Recorded Future's Dmitry Smilyanets, and states that an unknown person hijacked the Tor hidden services with the same private keys as REvil's Tor sites and likely has backups of the sites.
The threat actor went on to say that they found no signs of compromise to their servers but will be shutting down the operation.
After REvil conducted a massive attack on companies through a zero-day vulnerability in the Kaseya MSP platform, the REvil operation suddenly shut down, and their public-facing representative, Unknown, disappeared.
After Unknown did not return, the rest of the REvil operators launched the operation and websites again in September using backups.