Security News > 2021 > October > REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say
There have been rumblings about REvil getting sucker-punched for a while: Last week, Flashpoint reported that on Oct. 17, a REvil operator announced that the ransomware group was shutting down its presence on the high-tier Russian language forum XSS after their domain had been "Hijacked."
"The REvil operation stated that the REvil domain was accessed using Unknown's keys, confirming their concerns that a third-party has backups with their service keys," according to Flashpoint's writeup.
In September, news broke that REvil had conned its own affiliates out of ransomware payments by using double chats and a backdoor that let REvil operators hijack ransom payments.
On Oct. 18, the XSS moderators closed the thread where REvil made its pitch for new affiliates and advised fellow users to block REvil accounts.
After its servers went offline in July - a disappearance that some observers linked to its main operator taking off to avoid the heat generated by the Kaseya attack - REvil reared its slimy head again in September.
"As work from REvil is clearly drying up now, affiliates will need new sources of revenue. It won't be surprising to see stolen [data] sold on the dark web. I anticipate that some organizations who believed their data was safe because they paid an REvil ransom are in for a rude awakening."
News URL
https://threatpost.com/revil-servers-offline-governments/175675/