REvil ransomware group hacked


The REvil ransomware group, which has a history of launching sophisticated cyber attacks on Kaseya software, JBS Meat and Travelex this year, is experiencing strange events these days. The gang's payment portal and data leak blog have been hacked by some other group, throwing the developers into jeopardy.

News of the REvil ransomware website getting hacked spread when one of the gang members with admin privileges divulged the news on a hacking forum and had a consultation with security researcher Dmitry Smilyanets from Recorded Future.

Dmitry explained that the Tor-based anonymous payment portal and the blog were compromised, and so those operating the spread of REvil ransomware have paused the services for some time.

In September 2021, an article published in the Washington Post claimed the FBI had plans to launch a counterattack on those spreading ransomware and seize their IT infrastructure or at least disrupt their objectives by targeting them digitally.

So, from the developments that have taken place so far, there is a high probability that the attack on the Tor-based onion payment portal and the REvil hackers' blog was launched by the US-based law enforcement agency working in coordination with other agencies across the globe, such as Europol and Interpol.

Note 1: Bitdefender, a Rome-based cybersecurity firm, shared a universal decryptor that helps decrypt REvil's encryption.

Note 2: As the payment options have been blocked, those spreading REvil malware could pause their operations for some time or shut their doors permanently, depending on how severely the hack affects their ransomware-as-a-service business.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security