This article was updated on 22 October 2021 after new information surfaced about who was behind the takedown.
Notorious ransomware gang REvil, known for extorting companies for millions and leaking or selling their stolen data on the dark web when it doesn't get its way, has gone silent after finally receiving some comeuppance, it would seem.
According to reports (via TechCrunch), the group's Tor payment portal and data leak blog have been hijacked, leaving the group crippled and without a platform.
A recent post from one threat actor associated with REvil, 0_neday, notes that the attack not only took down the 'Happy Blog' leak site, it also tampered with the group's Tor configuration: the path to REvil's own hidden service was deleted from the torrc file and replaced with one pointing at a service the intruder controlled, so that anyone logging in as usual would land on a server the intruder was watching, a trap designed to catch out the operators.
Tweet: "RIP 🪦 #REvil" pic.twitter.com/LJKnJI9YtW, 17 October 2021
REvil had been drawing heat from the US government over its conduct for some time before the blackout. Earlier this year the group hit Acer, demanding a $50 million ransom that was set to double to $100 million if the deadline passed, and the group's backlog of victims doesn't stop there.
Apple supplier Quanta Computer, from which REvil stole product schematics, and roughly 1,500 downstream businesses hit through the July 2021 supply-chain attack on Kaseya's VSA IT management software have also suffered from REvil's activity.
We originally speculated about exactly who had turned the tables on the hackers, but new information has surfaced as to the culprit. It turns out it was a takedown by the FBI itself, with the help of "Cyber Command, the Secret Service and other like-minded countries," as Reuters reports.
The Washington Post reported back in September that the FBI had quietly obtained REvil's universal decryption key for the Kaseya victims in July, and withheld it for roughly three weeks while planning an operation to disrupt the gang, so as not to tip REvil off. Before that operation could be carried out, the Happy Blog and the rest of the group's infrastructure went offline of its own volition on 13 July.
That only lasted until early September, when the group resurfaced by restoring its sites from backups. According to Reuters, those backups included internal systems that law enforcement had already compromised during the earlier intrusion, so the rebuilt infrastructure came back online with the authorities still inside it. The agencies then decided to execute the takedown after all.
Bleeping Computer says other whispers had suggested a mutiny was underway, with a former group member who didn't rejoin for the relaunch potentially staging a takeover, but that idea has since been debunked.
Either way, it's a win for the tech industry and the cyber-conscious. Let's hope that's the last we see of them. And as always, let this be a warning to keep your cybersecurity knowledge up to scratch. Hackers are all around us, and they don't often let up easily.