Skip to main content
  1. Home
  2. Computing
  3. News

Destructive hacking group REvil could be back from the dead

By

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil — until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Person typing on a computer keyboard.
Image used with permission by copyright holder

Now, it looks like REvil’s sites on the dark web are back in action. According to Bleeping Computer, REvil’s websites are up and running and filled with information new and old, including a list of previous hacking victims alongside a couple of new ones. The hacking group’s domains are accessible through the Tor Browser, which masks URLs to facilitate user privacy.

Recommended Videos

Security researchers became aware of the new activity while monitoring the hacking forum RuTOR, where they saw an advertisement promoting REvil’s services with a new website that redirects to its old domain. The group’s updated services include an apparently improved version of the REvil ransomware, along with an 80/20 revenue-sharing model.

Does this mean that the original REvil crew has somehow been resurrected for another round of high-profile hacks and mischief? Well, that’s not entirely clear. Aside from the fact that the group was gutted by multiple law enforcement investigations around the world, there are other reasons to be suspicious.

For one thing, the website’s code is littered with references to other hacking groups, which might imply that a different malware gang has somehow taken control of REvil’s website. Another possibility is that the new site is a “honeypot” maintained by law enforcement or some other group and designed to capture information about potential clients of REvil.

For now, the mystery remains unsolved. But if REvil is indeed back from the grave — or another hacking group has decided to take it over — it doesn’t bode particularly well for the future, especially considering the havoc caused by hacking group LAPSUS$ in recent months. If you want to stay safe, you can start by ensuring you’re protected by one of the best antivirus apps available and avoid clicking suspicious links on the web or in your emails.

Editors' Recommendations

Topics
Alex Blake
Alex Blake
Computing Writer
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
In the age of ChatGPT, Macs are under malware assault
A person using a laptop with a set of code seen on the display.

It's common knowledge -- Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division -- dubbed Moonlock -- specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.
State-sponsored attacks

Read more
Ransomware attacks have spiked massively. Here’s how to stay safe
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

No one wants to fall victim to ransomware, but a new report from blockchain security firm Chainalysis claims that ransomware payments could be set for a record-breaking year, with criminals raking in close to half a billion dollars just seven months into 2023.

According to the analysis, ransomware payments this year have totaled $449.1 million so far. That’s $175.8 million more than this time last year, suggesting that hackers have doubled down on this method of extracting money from unfortunate victims.

Read more
This critical exploit could let hackers bypass your Mac’s defenses
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

Read more