REvil ransomware group goes dark after its Tor sites were hijacked

Carly Page

REvil, the notorious Russian-linked ransomware gang responsible for the high-profile cyberattacks on Kaseya, Travelex, and JBS earlier this year, has disappeared again after its Tor payment portal and data leak blog were allegedly hijacked.

The shutdown comes weeks after the group re-emerged following a months-long hiatus. It had gone quiet after facing heat from the U.S. government in response to its attack on Kaseya, which resulted in thousands of companies becoming infected with ransomware. The shutdown was first claimed by a threat actor known to be affiliated with the REvil operation in a post on a known criminal forum, first discovered by Recorded Future's Dmitry Smilyanets.

The threat actor's post said the group's Tor services were hijacked and replaced with a copy of the group's private keys, likely from an earlier backup. "The server was compromised and they were looking for me," the post reads. "To be precise, they deleted the path to my hidden service in the torrc file [used for configuring the Tor service] and raised their own so that I would go there. I checked on others — this was not. Good luck everyone, I'm off."

What REvil's Tor site looks like at the time of publication following an apparent hijack. (Image: TechCrunch)

At the time of writing, it isn't clear who compromised REvil's servers. A report by The Washington Post in September said the FBI had obtained the group's encryption keys for the companies hit by the Kaseya attack in July, but that the agency's planned takedown never happened after the group disappeared. Others are pointing to a possible takeover by a former group member, known as "Unkn," or Unknown, a long-time spokesperson for the group, who did not return when the rest of the group reemerged in September.

“Since there was no confirmation of the reason for his loss, we resumed work, thinking that he was dead,” the threat actor explained in their forum post. “But since we have today at 17.10 from 12:00 Moscow time, someone brought up the hidden-services of a landing and a blog with the same key as ours, my fears were concerned.”

VX-Underground, a website that hosts malware source code, samples, and papers, tweeted that only Unknown and the forum-posting threat actor had REvil domain keys and that the ransomware group’s domain was recently accessed using Unknown's keys.

It remains to be seen whether REvil — linked to the majority of ransomware detections in the second quarter this year, according to McAfee — is gone for good. But since the group’s surprise reappearance in September, it has struggled to recruit users, prompting the group to increase its affiliate commissions to entice new threat actors.
