CATEGORIES
home News

Notorious REvil Black Hat Hacking Group Mysteriously Goes Offline After Kaseya Attack

by Nathan OrdWednesday, July 14, 2021, 10:26 AM EDT
notorious black hat hacking group revil has gone offline for now
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term.

Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly put cybersecurity as a priority.

tweet 1 notorious black hat hacking group revil has gone offline for now

Less than a day ago, BleepingComputer’s Lawrence Abrams reported on Twitter that all REvil sites were down, “including the payment sites and data leak site,” which has since been confirmed. Further, the purported spokesperson for REvil, Unknown, was incredibly silent up until the account was banned from popular Russian-speaking hacking forum XSS.

happy blog notorious black hat hacking group revil has gone offline for now
Current Website Status: Top, Website After Kaseya Attack: Bottom

Initially, people believed that this was just part of the ebb and flow of hacking groups as sites would go offline and return elsewhere. This would be partly because of the "business" these groups run, leading web hosts to be wary of keeping these ransomware websites online. However, the consensus began to pivot when more REvil infrastructure went offline, and there was silence from the group.

tweet 2 notorious black hat hacking group revil has gone offline for now

Abrams further reported that a representative for LockBit ransomware claimed that the authorities went after one of REvil’s servers which was then erased. However, it is still unknown who is behind this if the report is accurate. At present, U.S law enforcement agencies have not commented on the situation, but the operation may still be ongoing, and thus they cannot. Alternatively, REVil did have one of its servers seized and has since gone underground to avoid the law. This could also mean that we will see REvil return as a rebranded group, as has happened in the past with other groups.

If REVil disappearing was the work of the United States or potentially Russian law enforcement, hopefully, we will have clarification soon. Otherwise, it is likely things will remain quiet until REvil, or a reformed-REvil appears online again. We will have to wait and see, so keep an eye on HotHardware for this developing situation.
Tags:  security, Russia, cybersecurity, Ransomware, revil, russian, kaseya, united-states
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment