REvil, the notorious Russian-linked ransomware gang responsible for the high-profile cyberattacks on Kaseya, Travelex, and JBS earlier this year, has disappeared again after its Tor payment portal and data leak blog were allegedly hijacked.
The shutdown comes weeks after the group re-emerged following a months-long hiatus, during which the group went quiet after facing heat from the U.S. government in response to its attack on Kaseya, which resulted in thousands of companies becoming infected with ransomware. News of the shutdown was first claimed by a threat actor known to be affiliated with the REvil operation in a post on a known criminal forum, first discovered by Recorded Future’s Dmitry Smilyanets.
The threat actor’s post said the group’s Tor services were hijacked and replaced with a copy of the group’s pri …
