Servers belonging to the group of cybercriminals revil is up and running again, including tools that help implement ransomware.
According to cybersecurity researchers consulted by the website Beeping ComputerThe sites live on the Tor network and are accessible through an internal network focused on Russian-speaking audiences.
The content includes details for those who want to join the team and order ransomware and share 20% of the earnings with cybercriminals. Among the victims listed as “successful cases” are REvil’s targets in recent years. However, it is not possible to know whether the pages are actually run by former members or by a group that has inherited the structure left by the team.
Originally founded in Russia, REvil was particularly active between 2020 and 2021. The Colonial Pipeline pipeline, JBS group and developer Kaseya, which has paralyzed its services for days due to the attacks, are prominent among the victims.
The gang began to disband at the end of last year, thanks to a task force that brought together officials from several countries. It was even hacked and the encryption key was made public, causing the group to temporarily shut down its activities. In early 2022, members began to be identified and arrested worldwide.
Source: Tec Mundo
