Correlate

Level 16
Verified
Top poster
Well-known
May 4, 2019
733
Dark web portals previously operated by the REvil ransomware gang has come back to life earlier today, sparking fears that the once-vaunted ransomware gang will soon resume its attacks.

The website, called the Happy Blog, was one of the many servers that REvil members shut down on July 13, earlier this year.
 

plat1098

Level 26
Verified
Top poster
Well-known
Sep 13, 2018
1,520
Hmm, just got this on my Twitter line. So, what's the deal now? Stay tuned, I guess.

REvil bc.png

Source thread
 

Correlate

Level 16
Verified
Top poster
Well-known
May 4, 2019
733

REvil Is Back on Exploit and Trying to Restore Its Reputation​

Today a threat actor operating under the alias “REvil” appeared on Exploit claiming to be the group’s new representative on the illicit Russian-language forum. The alleged representative of REvil went on to explain that the ransomware group has managed to come back online using their backups. This is apparently the first time that REvil has appeared on Exploit since the ransomware group disappeared for unspecified reasons in July following its high-profile attack on the Kaseya VSA remote management software. Following the cyberattack, REvil’s TOR servers and infrastructure were shut down and a master decryption key was leaked that worked for Kaseya victims.
 
Top