REvil ransomware shuts down its operations once again after both its payment portal and data leak site were hacked.
- REvil ransomware gang shuts down after a threat actor hijacked their Tor leak site and payment portal.
- Smilyanets shared a screenshot from the hacking forum on his Twitter account, which discloses that the private keys of REvil's payment platform have been compromised.
Dmitry Smilyanets from Recorded Future first reported the news of the hack.
“But since we have today at 17.10 from 12:00 Moscow time, someone brought up the hidden-services of a landing and a blog with the same keys as ours, my fears were confirmed. The third party has backups with onion service keys,” wrote ‘0_neday’ on the hacking forum.
REvil operators will provide the decryption keys to the affiliates to allow them to continue their operations.
The threat actor went on to say that they found no signs of compromise to their servers but will be shutting down the operation.
The threat actor then told affiliates to contact him for campaign decryption keys via Tox, likely so affiliates could continue extorting their victims and provide a decryptor if a ransom is paid.
It is still unclear how threat actors could have gained access to the private keys of the REvil operation; some speculate that the keys were obtained by law enforcement, since the gang resumed its activity in September after a short pause.