Unhappy customers and their own tricks used against them, REvil ransomware gang reportedly pulled offline by 'multi-country' operations
2021-10-22 10:43

As we noted a few days back, the notorious ransomware gang REvil "disappeared" again this week.

The REvil leaks blog, known as Happy Blog, became inaccessible on October 17, the same day one of its operators announced on the Russian forum XSS that the group was shutting down because its domain had been hijacked, security vendor Flashpoint said at the time.

REvil later returned, but according to Flashpoint, behaviour such as offering 90 per cent "commissions" and aggressive recruiting left many in the ransomware criminal community suspicious.

Business for REvil was already looking a bit shaky with unhappy customers giving their own negative Tripadvisor-style reviews.

Back in September, Flashpoint reported that some of REvil's customers suspected the gang's rentable malware contained backdoors allowing REvil to restore encrypted files themselves.

In addition to the Colonial Pipeline hack, REvil's notoriety extends to IT management software provider Kaseya, which unwittingly passed on the blessing of malware through its products, as well as Apple supplier Quanta.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/22/revil_offline_again/