The return of REvil? REvil servers are suddenly back online

Published 2021-09-07 (modified 2021-09-13), https://cyberenso.jp/en/the-return-of-revil-revil-servers-are-suddenly-back-online/

The operation servers of the REvil ransomware gang, aka Sodinokibi, have just been turned on for the first time since July, when the gang carried out its large-scale attack against Kaseya. In that attack they used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt around 60 managed service providers (MSPs) and over 1,500 of their business customers.

Their disappearance was noticed when REvil's servers and payment sites suddenly went down and their public spokesperson could not be reached for a response on the situation. Cyber security researchers have now spotted that 'Happy Blog', REvil's Tor data leak site, and the gang's Tor negotiation site have recently returned.

The last known trace of the gang was when Kaseya mysteriously obtained the master decryptor from a trusted 'third party' a couple of weeks after REvil's servers were turned off. There is a belief that the decryption key was sent to Russian intelligence by the gang and then passed on to the FBI as a gesture of goodwill.

Back in operation?

No one knows the reason for the shutdown of the servers in July, although it is possibly due to pressure from law enforcement. The reason for the resurfacing of the servers is still unclear at this time: it could mean either that the ransomware gang is back in operation or that it is the result of law enforcement action.