REvil ransomware operators claim group is ending activity again, victim leak blog now offline

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

Cybercriminals claiming to be part of the REvil ransomware group have alleged that the gang is closing shop after the group lost control of vital infrastructure and had internal disputes. 

Recorded Future security expert Dmitry Smilyanets shared multiple messages on Twitter from ‘0_neday’ — a known REvil operator — discussing what happened on the cybercriminal forum XSS. He claimed someone took control of the group’s Tor payment portal and data leak website.

In the messages, 0_neday explains that he and “Unknown” — a leading representative of the group — were the only two members of the gang who had REvil’s domain keys. “Unknown” disappeared in July, leaving the other members of the group to assume he died. The group resumed operations in September but this weekend, 0_neday wrote that the REvil domain had been accessed using the keys of “Unknown.” 

In another message, 0_neday said, “The server was compromised and they were looking for me. To be precise, they deleted

Read more

Explore the site

More from the blog

Latest News