The notorious hacker group REvil, which blackmailed its victims with ransomware, got a taste of its own medicine – someone hacked its payment portal and blog. In a way it is ironic, but one fundamental question hangs in the air: who is behind the attack? GameRant magazine reports on this case from the internet underworld.
One possible suspect is the American Federal Bureau of Investigation (FBI), which, according to the Washington Post, managed to obtain a key that could be used to shut down the site. The FBI reportedly delayed the use of the key, as the group apparently took a break after targeting Acer, demanding a $100 million ransom.
Who hacked the hackers?
Another possible suspect could be one of the former members of the hacker group. Rumors surfaced that the group was about to split due to disagreements, and some former members may have been trying to take over the entire REvil platform for themselves.
Such a hijacking requires that the attacker somehow obtain the private keys used to create the hidden services on the Tor network. Anyone who holds the private key of an existing hidden service can publish a new version of the site that replaces all previous versions. If the new page looked the same as the old one, users would not even know they were visiting a changed site.
At the moment, no one is sure who took down the “Happy Blog” (the payment portal and blog of the REvil group), because no one has claimed responsibility for the cyberattack. However, there is no doubt that many security companies breathed a sigh of relief at the news.
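Why holding the key is enough, as an added example that is not part of the original article: assuming a version 3 onion service, the address is only an encoding of the service's ed25519 public key (Tor rend-spec-v3), so nothing in it identifies the machine that serves it. The function names and the 32-byte keys below are constructed placeholders, not real service keys.

```python
import base64
import hashlib

VERSION = b"\x03"  # version byte for v3 onion services


def onion_address(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 .onion address."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    # checksum = first 2 bytes of SHA3-256(".onion checksum" | pubkey | version)
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    label = base64.b32encode(pubkey + checksum + VERSION).decode("ascii").lower()
    return label + ".onion"


def pubkey_from_address(address: str) -> bytes:
    """Validate a v3 .onion address and return the public key it encodes."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 onion label must be 56 base32 characters")
    raw = base64.b32decode(label.upper())  # raises ValueError on bad characters
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        raise ValueError("not a v3 onion address")
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    if checksum != expected:
        raise ValueError("checksum mismatch: mistyped or altered address")
    return pubkey


if __name__ == "__main__":
    # Constructed placeholder keys; a real key comes from the service's key file.
    original_operator_key = bytes(range(32))
    copied_key = bytes(range(32))        # same key material on a second host
    unrelated_key = bytes(range(1, 33))  # a different key pair

    print(onion_address(original_operator_key))
    # Same key, same address: visitors cannot tell the two hosts apart.
    print(onion_address(copied_key) == onion_address(original_operator_key))
    # A different key can never yield the same address.
    print(onion_address(unrelated_key) == onion_address(original_operator_key))
```

For an operator, the consequence is that the service's secret key file needs the same protection as any long-term signing key: once it is copied, the address itself offers visitors no way to distinguish the original host from another one.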
Maybe it’s not final
The ransomware group has left many victims behind, including Apple vendors, Quanta Computer, and many other organizations that used Kaseya’s IT management solutions. For example, in July, REvil demanded a ransom of $11 million from JBS, the world’s largest meat processor, which the company was forced to pay to regain control of its data.
Hacking and cybercrime have become extremely lucrative forms of crime. The growing popularity of cryptocurrencies also contributes to this, thanks to which payments are almost untraceable. In virtually all cases, payment in cryptocurrency is required to unlock encrypted data – most often in bitcoins.
Although the REvil platform has been neutralized, none of the group members was identified or arrested. This means that former members can create a new platform or join one of many other groups of ransomware hackers.