
REvil ransomware gang mysteriously disappears; site goes offline

Following the Kaseya attack fiasco, all clear web and dark web websites used by the REvil ransomware gang for negotiations, data leaks and other backend infrastructure have been shut down as of July 13.

While it's not unknown for the REvil gang, sometimes referred to as Sodinokibi, to lose connectivity, causing one or two of their sites to go down, all sites going down simultaneously indicates a total shutdown.

According to a tweet put out by MalwareHunterTeam, REvil's clear web payment site decoder(dot)re has been taken down, with no A records or DNS response, indicating a total backend shutdown.


Is REvil on the run?

Allan Liska from Recorded Future also tweeted that all REvil sites went offline at around 1 AM EST on Tuesday.

A LockBit ransomware representative posted on the XSS hacking forum that it’s rumoured that REvil might’ve wiped their servers, fearing action from the US government.

Source: XSS Forums

The forum is in Russian mostly, but when run through Google Translate, the post reads, “according to unconfirmed information, a request from the authorities came to the REvil server, the server was immediately erased, and REvil went offline. But it is not confirmed”.

Following this, the XSS admin banned REvil’s public representative named ‘Unknown’ from the forum. Generally, forums like these ban members who attract unwanted attention, which certainly seems to be the case here. 

It has also come to light that XSS has banned all ransomware-related activities on its forums. The admin put out a post stating that all ransomware affiliate programs, ransomware rental and sale of ransomware software are prohibited, and any existing topics will be deleted.

Source: XSS Forums.

The owner also felt that all the chatter around ransomware lately has brought unwanted attention to the site and has made it dangerous and toxic. 
