On 17 October 2021, the Tor sites of the REvil ransomware gang went offline after an unknown party brought up onion services using the same private keys as REvil's own sites, which implies that the party holds backups of the keys and possibly of the sites themselves. A threat actor known as "0_neday", affiliated with the REvil operation, confirmed on the XSS hacking forum that someone had hijacked the gang's domains.
“But since we have today at 17.10 from 12:00 Moscow time, someone brought up the hidden-services of a landing and a blog with the same keys as ours, my fears were confirmed. The third party has backups with onion service keys,” – ‘0_neday’.
Because of this unusual activity, the gang decided to shut down its operations. A matter of hours after the original post, the gang confirmed that its server had been compromised and that whoever did it was specifically targeting the ransomware operation.
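Why a copy of the onion service keys is enough to take over the address: a v3 .onion address is nothing more than the service's ed25519 public key, a two-byte SHA3-256 checksum and a version byte, base32-encoded. Whoever holds the matching secret key (for example a backup of the hs_ed25519_secret_key file from Tor's HiddenServiceDir) can publish descriptors for exactly the same address, which is what 0_neday describes above. The Python below is an added example, not code from this article or from any REvil infrastructure; the 32-byte key is a constructed placeholder rather than a real key, and the function names are our own.

```python
import base64
import hashlib

# Constants from Tor's v3 rendezvous specification (rend-spec-v3).
ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
ONION_ADDRESS_LEN = 56  # base32 of 32 (pubkey) + 2 (checksum) + 1 (version) bytes

# Constructed placeholder for a 32-byte ed25519 public key. This is NOT a
# real key and does not correspond to any real onion service.
SAMPLE_PUBKEY = bytes(range(32))


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    digest = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()
    return digest[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive the v3 .onion address for an ed25519 public key.

    Anyone holding the matching secret key (e.g. a backed-up
    hs_ed25519_secret_key) can sign descriptors for this exact address.
    """
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_address(address: str) -> bytes:
    """Recover the public key from a v3 address, validating version and checksum."""
    name = address.strip().lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    if len(name) != ONION_ADDRESS_LEN:
        raise ValueError("v3 onion address body must be 56 base32 characters")
    raw = base64.b32decode(name.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != onion_checksum(pubkey):
        raise ValueError("onion address checksum mismatch")
    return pubkey


def address_matches_key(address: str, pubkey: bytes) -> bool:
    """True if `address` is well formed and is the v3 address of `pubkey`."""
    try:
        return parse_onion_address(address) == pubkey
    except ValueError:
        return False


if __name__ == "__main__":
    addr = onion_address(SAMPLE_PUBKEY)
    print("address from key       :", addr)
    print("key recovered          :", parse_onion_address(addr).hex())
    # A different key never reproduces the address: the key *is* the identity.
    other_key = bytes([0xFF]) + SAMPLE_PUBKEY[1:]
    print("other key same address?", address_matches_key(addr, other_key))
    # Altering the final character changes the version bits, so parsing rejects it.
    corrupted = addr[:-7] + "e.onion"
    print("corrupted address valid?", address_matches_key(corrupted, SAMPLE_PUBKEY))
```

The checks in the block make the operational point: the address is reproduced from the public key alone, a different key yields a different address, and a corrupted address fails validation. Ownership of a v3 onion address therefore reduces entirely to control of the secret key file, so a leaked or backed-up HiddenServiceDir is equivalent to a leaked domain.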
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.