REvil ransomware gang goes down

The notorious ransomware group REvil has suddenly disappeared from the dark web after the group's dark web site was compromised by anonymous hackers and some data was stolen.

This ransomware group had previously launched targeted attacks on large companies in the United States and other countries, stealing and encrypting corporate files and demanding huge ransoms.

Its dark web site mainly provided support services for victims, allowing them to check information on the group's sites or communicate with the group to negotiate specific ransom amounts.

Although U.S. law enforcement agencies are already pursuing the ransomware group, the hacker who launched the attack against REvil was not a law enforcement agency, and the attacker's specific identity is not yet known.

Ransomware groups usually set up their sites on the dark web because onion routing wraps traffic in layers of encryption, which makes a site both difficult to block and difficult to track.

The address prefixes of dark web sites are usually random. After the compromise by anonymous hackers, REvil's Tor payment portal and data leak blog were allegedly hijacked.

Judging from the news released by the anonymous hacker, the hacker appears to be preparing to continue attacking the websites of other ransomware groups, but the reason for the attack is not yet clear.

Past tracing efforts have associated a large amount of ransomware with this group. Kaseya, a well-known American management software developer, was attacked previously.

McAfee researchers said that in September the ransomware group was also recruiting new participants on the dark web, including recruiting hackers by offering increased commissions.

The hack of REvil's website has only made the group's external contact channels disappear. It may not be long before they restore the website and make a comeback.

A report released by a US government agency last week showed that in the first half of this year, the amount of ransom paid by US companies exceeded the total for the whole of last year.

It is foreseeable that ransomware attacks will only increase in the future, and both individuals and enterprises must carry out daily data backups to improve security.

Via: TechCrunch