fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

REvil ransomware gang’s web sites mysteriously shut down

REvil ransomware gang’s web sites mysteriously shut down

The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night.

The REvil ransomware operation, aka Sodinokibi, operates through numerous clear web and dark web sites used as ransom negotiation sites, ransomware data leak sites, and backend infrastructure.

Starting last night, the websites and infrastructure used by the REvil ransomware operation have mysteriously shut down.

REvil Tor site no longer accessible
REvil Tor site no longer accessible

“In simple terms, this error generally means that the onion site is offline or disabled. To know for sure, you’d need to contact the onion site administrator,” the Tor Project’s Al Smith told BleepingComputer.

While it is not unheard of for REvil sites to lose connectivity for some time, all sites to shut down simultaneously is unusual.

Also Read: 5 Most Frequently Asked Questions About Ransomware

Furthermore, the decoder[.]re clear website is no longer resolvable by DNS queries, possibly indicating the DNS records for the domain have been pulled or that backend DNS infrastructure has been shut down.

REvil domain no longer resolves to DNS queries
REvil domain no longer resolves to DNS queries

Recorded Future’s Alan Liska said that the REvil web sites went offline at approximately 1 AM EST this morning.

This afternoon, the LockBit ransomware representative posted to the XSS Russian-speaking hacking forum that it is rumored the REvil gang erased their servers after learning of a government subpoena.

“Upon uncorroborated information, REvil server infrastructure received a government legal request forcing REvil to completely erase server infrastructure and disappear. However, it is not confirmed,” the post says in Russian translated to English for BleepingComputer by Advanced Intel’s Vitali Kremez.

LockBit forum post about REvil
LockBit forum post about REvil

Soon after, the XSS admin banned REvil’s ‘Unknown,’ the public-facing representative of the ransomware gang, from the forum.

“As a rule of thumb, the administration of the top forums bans its users when they are suspected of being under the police control,” explained Kremez.

REvil's 'Unknown' banned from hacking forum
REvil’s ‘Unknown’ banned from hacking forum

If you have first-hand information about the shut down, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.

Feeling the heat

On July 2nd, the REvil ransomware gang encrypted approximately 60 managed service providers (MSPs) and over 1,500 individual businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

As part of these attacks, REvil initially demanded $70 million for a universal decryptor for all victims but quickly dropped the price to $50 million.

Since then, the ransomware group has been under increased scrutiny by law enforcement, which did not seem to faze ‘Unknown,’

As these ransomware gangs commonly operate out of Russia, President Biden has been in talks with President Putin about the attacks and warned that if Russia did not act upon threat actors in their borders, the USA would take action themselves.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said after signing an executive order at the White House.

At this point, it is not clear if REvil’s shut down of servers is for technical reasons, if the gang shut down their operation, or if a Russian or USA law enforcement operation took place.

Other ransomware groups, such as DarkSide and Babuk, shut down voluntarily due to the increased pressure by law enforcement.

However, when ransomware groups shut down, the operators and affiliates commonly rebrand as a new operation to continue performing ransomware attacks. This was seen in the past when GandCrab shut down and many of its members relaunching as REvil.

Babuk also relaunched as Babuk v2.0 after the original group splintered due to differences in how attacks were conducted.

The FBI has declined to comment regarding the shut down of REvil’s servers.

This is a developing story.

Update 7/13/21 6:31 PM EST: Added more information about hacking forums.

Also Read: How to Choose a Penetration Testing Vendor

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us