After receiving penance, the notorious ransomware group REvil (known for extorting companies for millions of dollars and selling data on the dark web when it doesn’t get its way) has finally gone silent.

TechCrunch reports that the group's Tor payment portal and data-leak blog were hijacked, rendering them unable to function and essentially useless.

One threat actor associated with REvil, 0_neday, recently posted that the attacker removed ‘Happy Blog’ and deleted the path for Tor service configuration files. The file was then replaced by a malicious one in an attempt to catch the criminals.

Even before the blackout, REvil had been gaining attention from the US government for its misconduct. The group attempted to extort Acer for around $100 million.

REvil’s wrongdoings also affected Quanta Computer, an Apple supplier, and thousands more organizations that use Kaseya IT management software.

It’s not clear who attacked the group. Perhaps it was revenge or a preventative move by a government. We can only speculate at this point, but The Washington Post reports that the government had obtained a key that could have shut down the group back in September. It decided to wait for some reason, and the Happy Blog went offline of its own accord.

However, the group returned to power after the takedown. Perhaps the government decided to take down the group after all. Bleeping Computer reports that other whispers suggest a mutiny, with an ex-member of the group resurfacing and possibly staging a takeover.

It’s a win-win for both the tech industry and the cyber-conscious. Let’s hope this is the last time we see them. As always, this is a reminder to ensure that you are up to date on cybersecurity. Hackers are everywhere and don’t seem to be slowing down.
