REvil Is Back on Exploit and Trying to Restore Its Reputation [Updated]

Today a threat actor operating under the alias “REvil” appeared on Exploit claiming to be the group’s new representative on the illicit Russian-language forum. The alleged representative of REvil went on to explain that the ransomware group has managed to come back online using their backups. This is apparently the first time that REvil has appeared on Exploit since the ransomware group disappeared for unspecified reasons in July following its high-profile attack on the Kaseya VSA remote management software. Following the cyberattack, REvil’s TOR servers and infrastructure were shut down and a master decryption key was leaked that worked for Kaseya victims.

Default Author Image
September 9, 2021