{"id":5788,"date":"2021-10-17T11:51:22","date_gmt":"2021-10-17T02:51:22","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=5788"},"modified":"2021-12-12T11:54:26","modified_gmt":"2021-12-12T02:54:26","slug":"revil-ransomware-groups-tor-sites-shut-down-after-being-hijacked","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/revil-ransomware-groups-tor-sites-shut-down-after-being-hijacked\/","title":{"rendered":"REvil ransomware group\u2019s Tor sites shut down after being hijacked"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5788\" class=\"elementor elementor-5788\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-05fe324 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"05fe324\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3e0f4be\" data-id=\"3e0f4be\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f30ecd9 elementor-widget elementor-widget-text-editor\" data-id=\"f30ecd9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On the 17<sup>th<\/sup> of October 2021, the Tor sites of the REvil ransomware gang went offline after an unknown person hijacked the Tor onion domains using the same private keys as REvil&#8217;s Tor sites; that person may also have backups of the sites.
One of the threat actors, \u201c0_neday\u201d, who is affiliated with the REvil operation, confirmed on the XSS hacking forum that someone had hijacked the ransomware gang\u2019s domains.<\/p><p>&#8220;But since we have today at 17.10 from 12:00 Moscow time, someone brought up the hidden-services of a landing and a blog with the same keys as ours, my fears were confirmed. The third party has backups with onion service keys,&#8221; \u2013 \u20180_neday\u2019.<\/p><p>Because of this unusual activity, the ransomware gang decided to shut down its operations. A matter of hours after the gang\u2019s original post, they confirmed that their server had been compromised and that whoever did it was targeting the ransomware gang.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On the 17th of October 2021, the Tor sites of the REvil ransomware gang went offline after an unknown person hijacked the Tor onion domains using the same private keys as REvil&#8217;s Tor sites; that person may also have backups of the sites.
One of the threat actors, \u201c0_neday\u201d, affiliated with the REvil operation, has confirmed that someone has hijacked the ransomware gang\u2019s<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":5793,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[225,6,10,12,9,2,7,1],"tags":[],"class_list":["post-5788","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-heavy-industry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-by_country","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2021\/12\/Picture1-16.jpg?fit=1377%2C1060&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5788"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=5788"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5788\/revisions"}],"predecessor-version":[{"id":5796,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5788\/revisions\/5796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/5793"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=5788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=5788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=5788"}],"curies":[{"na
me":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}