REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised
Security News, October 2021
REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month hiatus.
The development, first spotted by Recorded Future's Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking forum that unidentified actors had taken control of the gang's Tor payment portal and data leak website. Whoever controls those onion services also controls the channel through which victims are expected to negotiate and pay, so a hijack of this kind undermines the operation even if the group's malware and infrastructure are otherwise intact.
The Russia-linked ransomware group attracted major scrutiny following its attacks on JBS and Kaseya earlier this year, prompting it to take its darknet sites offline in July 2021.
On September 9, 2021, REvil made an unexpected return, bringing its data leak site and its payment and negotiation portals back online.
Last month, the Washington Post reported that the U.S. Federal Bureau of Investigation withheld the decryptor, which it had obtained by accessing the group's servers, from victims of the Kaseya ransomware attack for nearly three weeks, as part of a plan to disrupt the gang's operations.
While it is not uncommon for ransomware groups to evolve, splinter, or reorganize under new names, the criminal field has come under increasing scrutiny for striking critical infrastructure. At the same time, more cybercriminals are recognizing the profitability of ransomware, helped in part by the unregulated cryptocurrency landscape, which lets threat actors extort victims for digital payments with little fear of consequences.