Skip to main content
  1. Home
  2. Computing
  3. News

Destructive hacking group REvil could be back from the dead

Alex Blake
By

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil — until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Person typing on a computer keyboard.
Image used with permission by copyright holder

Now, it looks like REvil’s sites on the dark web are back in action. According to Bleeping Computer, REvil’s websites are up and running and filled with information new and old, including a list of previous hacking victims alongside a couple of new ones. The hacking group’s domains are accessible through the Tor Browser, which masks URLs to facilitate user privacy.

Recommended Videos

Security researchers became aware of the new activity while monitoring the hacking forum RuTOR, where they saw an advertisement promoting REvil’s services with a new website that redirects to its old domain. The group’s updated services include an apparently improved version of the REvil ransomware, along with an 80/20 revenue-sharing model.

Related

Does this mean that the original REvil crew has somehow been resurrected for another round of high-profile hacks and mischief? Well, that’s not entirely clear. Aside from the fact that the group was gutted by multiple law enforcement investigations around the world, there are other reasons to be suspicious.

For one thing, the website’s code is littered with references to other hacking groups, which might imply that a different malware gang has somehow taken control of REvil’s website. Another possibility is that the new site is a “honeypot” maintained by law enforcement or some other group and designed to capture information about potential clients of REvil.

For now, the mystery remains unsolved. But if REvil is indeed back from the grave — or another hacking group has decided to take it over — it doesn’t bode particularly well for the future, especially considering the havoc caused by hacking group LAPSUS$ in recent months. If you want to stay safe, you can start by ensuring you’re protected by one of the best antivirus apps available and avoid clicking suspicious links on the web or in your emails.

Editors' Recommendations

Topics
Alex Blake
Alex Blake
Computing Writer
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Chrome is making a key change to protect you from phishing
Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.

Read more
Lapsus$ hackers convicted of breaching GTA 6, Nvidia, and more
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

The Lapsus$ hacking gang caused havoc in 2021 and 2022 with a series of high-profile security breaches and ransom demands. Yet things have been very quiet since then, and two alleged members of the group have just been convicted in the U.K., potentially bringing an end to one of the most notable hacking sprees in recent times.

According to Bloomberg and the BBC, two people accused of being members of the gang were convicted in the U.K. of a number of crimes, including serious computer misuse, blackmail, and fraud. The defendants included Arion Kurtaj, 18, and a 17-year-old male who could not be named due to his age. Both defendants are autistic and psychiatrists deemed that Kurtaj was not fit to stand trial, so he did not give evidence. They will both be sentenced at a later date.

Read more
This Google Chrome feature may save you from malware
Google Chrome app on s8 screen.

There are probably hundreds of thousands of Google Chrome extensions out there, and with so many options to choose from, it can be hard to know whether the plugin you want to install is hiding malware nasties.

That could become a thing of the past, though, as Google is testing a feature that will warn you if an extension you installed has been removed from its Chrome Web Store.

Read more