REvil servers back online after months of inactivity

REvil seems to be back again. The servers on the Tor network that the hacker group used to distribute its malware are back online. The website lists dozens of pages of victims.

This is evident from screenshots taken by various security researchers, BleepingComputer writes.

REvil is back

REvil is a hacker group operating out of Russia. The group is known for extorting victims with ransomware. With this ransomware, they copy confidential and company-sensitive information and then lock the files on their victims' systems. This data only becomes accessible again if the victims pay a ransom. Some prominent victims of the hacker collective were money exchange office Travelex, meat producer JBS, and ICT service provider Kaseya.

Investigative and law enforcement agencies took a hard line against the Russian hackers. Last summer it seemed as if REvil had disappeared from the face of the earth. Its websites on the dark web and the regular internet had suddenly gone dark. The help desk was also no longer available. Finally, Unknown, the spokesperson for the hacker group, was banned from the XSS hacker forum.

In September 2021, the Tor payment site and the Happy Blog – where victims can negotiate the amount of the ransom – were suddenly up and running again. There were also new ransomware attacks at that time. A month later, the FBI said it had taken REvil’s entire infrastructure offline. Several leaders were arrested in the US, Germany and even Russia.

New victims and distribution key

That seemed to be the end of the line for REvil. Or was it? Cybersecurity experts say the hacker group is active again. Their new website is frequently mentioned on
