REvil ransomware shuts down again after Tor sites were hijacked

Don’t let the door slam on your way out…:

[…] After REvil conducted a massive attack on companies through a zero-day vulnerability in the Kaseya MSP platform, the REvil operation suddenly shut down, and their public-facing representative, Unknown, disappeared.

After Unknown did not return, the rest of the REvil operators launched the operation and websites again in September using backups.

Since then, the ransomware operation has been struggling to recruit users, going as far as to increase affiliates’ commissions to 90% to entice other threat actors to work with them.

With this latest mishap, the operation in its current form will likely be gone for good.

However, no good thing lasts forever when it comes to ransomware, and we will likely see them rebrand as a new operation shortly.

