REvil ransomware group returns following Kaseya attack

[correlate]

Dark web portals previously operated by the REvil ransomware gang have come back to life earlier today, sparking fears that the once-vaunted ransomware gang will soon resume its attacks.

The website, called the Happy Blog, was one of the many servers that REvil members shut down on July 13, earlier this year.
 

plat

Hmm, just got this on my Twitter line. So, what's the deal now? Stay tuned, I guess.

REvil bc.png

Source thread
 

[correlate]


REvil Is Back on Exploit and Trying to Restore Its Reputation

Today a threat actor operating under the alias “REvil” appeared on Exploit claiming to be the group’s new representative on the illicit Russian-language forum. The alleged representative of REvil went on to explain that the ransomware group has managed to come back online using their backups. This is apparently the first time that REvil has appeared on Exploit since the ransomware group disappeared for unspecified reasons in July following its high-profile attack on the Kaseya VSA remote management software. Following the cyberattack, REvil’s TOR servers and infrastructure were shut down and a master decryption key was leaked that worked for Kaseya victims.
 
