
Dark Web Spotlight: REvil Ransomware Gang Goes Dark

By Pamela Bartz, Tue Oct 19, 2021

Nathaniel Hawthorne wrote, “Families are always rising and falling in America.” The same can be said for dark web ransomware gangs.

As of mid-October 2021, the TOR sites belonging to REvil have gone dark. There seems to be little effort being made to restore the site, signaling the possible end of the REvil ransomware gang.

The REvil ransomware gang has been part of the internet’s underbelly since May 2020, when they attempted to extort President Donald Trump and followed that up by leaking legal documents belonging to Lady Gaga.

It was in the summer of 2021 that REvil saw their greatest success: three massive ransomware attacks in the United States with the Colonial Pipeline, JBS Foods, and Kaseya USA cyberattacks. REvil was found to be responsible for two of the three attacks.

Together, these attacks triggered an international incident, with US President Biden and Russian President Vladimir Putin exchanging threats. The US Congress responded with an influx of cybersecurity legislation.

But the higher one climbs, the further the fall can be. In July, REvil was facing a revolt by their users. The ransomware gang had issued their software to numerous affiliates for either a fee or a cut of the ransom. However, affiliates failed to see the promised monetary returns and then hijacked REvil’s website by flooding it with pornographic material.

As of September 2021, a universal decryptor utility has been released, allowing victims of REvil to recover their lost data. A month later, just before Halloween, the servers running REvil’s TOR site were compromised, and the ransomware gang has gone dark.

It’s too soon to call this an obituary. Crime is persistent, and an offshoot of the REvil gang could appear in the future.
