Cybercriminals claiming to be part of the ransomware group REvil have again announced that the group will cease operations. The hackers had previously lost control of important infrastructure. In addition, there are said to have been internal disputes.
Recorded Future security expert Dmitry Smilyanets shared several messages by “0_neday”, a well-known REvil member. They discuss the events on the cybercriminal forum XSS. He claims someone has taken control of the group’s Tor payment portal and data leak website.
In the messages, 0_neday explains that he and “Unknown”, another leader of the group, were the only two members of the gang who had REvil’s domain keys. “Unknown” disappeared in July, leaving the other members of the group to assume that he had died. The group resumed its work in September, but this weekend 0_neday wrote that the keys belonging to “Unknown” had been used to access the REvil domain.
In another message, 0_neday said, “The server was compromised and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and increased their own for me to go there. I’ve checked with others – it hasn’t. Good luck to everyone, I’m gone.”
The REvil group first announced the end of all activities after the attack on Kaseya in July. However, the group returned in September and has attacked dozens of companies in the past few weeks.