REvil ransomware gang’s websites shut down: Report

The REvil ransomware operation’s infrastructure and websites have unexpectedly vanished from the dark web, leading to speculation that the criminal operation has been shut down.


REvil, also known as Sodinokibi, is a ransomware operation that runs a mix of clear web and dark web portals: ransom negotiation sites, data leak sites, and backend infrastructure.


According to a recent BleepingComputer report, the gang's websites have vanished from the dark web without explanation.



Visitors to the Tor site are now shown the error message “Onionsite not found”.



REvil ransomware Tor site shut down or disabled



According to Al Smith of the Tor Project, that error means the onion site is either offline or has been disabled. Tor Browser shows this page when the client cannot fetch the service's descriptor from the hidden service directories, so it points to the service no longer announcing itself on the Tor network rather than to a web application error on a server that is still reachable.


REvil's sites have lost connectivity for short periods before, but it is unusual for all of them to be down at the same time.


Furthermore, the decoder[.]re clear web domain no longer resolves in DNS, which suggests either that the domain's DNS records have been withdrawn or that the backend DNS infrastructure serving the zone has been shut down.
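The two explanations above leave different fingerprints in resolver responses: if the zone or its records were deleted, a lookup ends in NXDOMAIN (reported by the OS resolver as EAI_NONAME), whereas if the domain is still delegated but its authoritative servers have gone dark, queries end in SERVFAIL or time out (EAI_AGAIN). The following Python check, added here and not part of the original report, classifies a list of hosts that way and flags the "everything down at once" condition. The stand-in resolver and its host names are constructed for offline use; passing the default `socket.getaddrinfo` runs it against live DNS.

```python
import socket
from typing import Callable, Dict, List

# Resolver signature matches socket.getaddrinfo so a stand-in can be injected
# for offline use; the real resolver is the default.
Resolver = Callable[..., list]

# NXDOMAIN and "name exists but has no address data" both mean the records
# are gone. EAI_NODATA is not defined on every platform.
_RECORDS_GONE = {socket.EAI_NONAME}
if hasattr(socket, "EAI_NODATA"):
    _RECORDS_GONE.add(socket.EAI_NODATA)


def classify_resolution(host: str, resolver: Resolver = socket.getaddrinfo) -> str:
    """Explain why `host` does or does not resolve.

    "resolves"            at least one address record came back
    "records_withdrawn"   NXDOMAIN / no data: the zone or its records were removed
    "nameservers_failing" SERVFAIL or timeout: the authoritative (backend) DNS
                          servers are not answering although the name may still
                          be delegated to them
    "other_error"         any other resolver failure
    """
    try:
        results = resolver(host, None)
    except socket.gaierror as exc:
        if exc.errno in _RECORDS_GONE:
            return "records_withdrawn"
        if exc.errno == socket.EAI_AGAIN:
            return "nameservers_failing"
        return "other_error"
    return "resolves" if results else "records_withdrawn"


def check_hosts(hosts: List[str], resolver: Resolver = socket.getaddrinfo) -> Dict[str, str]:
    """Classify every host in the list."""
    return {host: classify_resolution(host, resolver) for host in hosts}


def all_unreachable(statuses: Dict[str, str]) -> bool:
    """True when no monitored host resolves. A single host failing is routine;
    every host failing at the same time is the condition worth alerting on."""
    return bool(statuses) and all(s != "resolves" for s in statuses.values())


# Constructed offline stand-in for socket.getaddrinfo. The host names are
# made up and only exist to exercise each branch of the classifier.
_FAKE_ANSWERS = {
    "up.example": "resolves",
    "gone.example": "records_withdrawn",
    "dead-ns.example": "nameservers_failing",
}


def fake_resolver(host: str, port=None, *args, **kwargs) -> list:
    outcome = _FAKE_ANSWERS.get(host)
    if outcome == "resolves":
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.1", 0))]
    if outcome == "records_withdrawn":
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    if outcome == "nameservers_failing":
        raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")
    raise socket.gaierror(-99, "unknown resolver failure")


if __name__ == "__main__":
    report = check_hosts(list(_FAKE_ANSWERS) + ["unknown.example"], fake_resolver)
    for host, status in report.items():
        print(f"{host:20} {status}")
    print("all hosts unreachable:", all_unreachable(report))
```

Two caveats when running this live: recursive resolvers cache NXDOMAIN for the zone's negative TTL, so query more than one resolver before concluding the records are gone, and an NXDOMAIN for a domain that is still registered is worth cross-checking against the registrar's status (a hold placed by the registry looks the same from the resolver's side as a voluntary deletion).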


decoder[.]re backend DNS infrastructure shut down



On the dark web, the group's Tor infrastructure consists of one data leak blog and 22 data hosting sites, all of which are currently unreachable.


A LockBit ransomware representative posting on the Russian-speaking XSS hacking forum claimed that REvil wiped its servers after learning of a government subpoena.



REvil ransomware gang's servers wiped out or shut down




According to that post, REvil's server infrastructure received a legal request from a government, and the gang responded by fully wiping its servers and disappearing.

This claim has not been confirmed.


The XSS moderators have also banned ‘Unknown’, the ransomware gang's public-facing representative, from the forum.


On July 2nd, the REvil ransomware gang used a zero-day vulnerability in the Kaseya VSA remote management system to encrypt around 60 managed service providers (MSPs) and over 1,500 individual businesses.


REvil demanded $70 million for a universal decryptor for all victims, but later lowered the price to $50 million.


Since that attack, the group has drawn much closer attention from law enforcement.


It’s unclear whether REvil’s servers were taken down for technical reasons, if the gang shut down their operation, or if a Russian or US government enforcement operation was involved.


