Is the REvil ransomware set for a return?

After being offline for about two months, several of the dark-web servers belonging to notorious ransomware operator REvil have come back online.

The usually vocal group became uncharacteristically silent after orchestrating the Kaseya attacks back in July, following which its properties on both the dark-web and normal web, including its ransom negotiating portal, the website where it shares exfiltrated data, and a blog it used to boast about its latest exploits, went offline.

The disappearance led to speculation that the group could have been hit by law enforcement agencies, following its extravagant but bungled Kaseya campaign.

However, BleepingComputer now reports that a couple of REvil’s properties have come back online again.

Back for real?

Reportedly, REvil’s payment/negotiation site and its data leak site on the dark web are both online. 

The security community, however, is divided in its interpretation of the move.

While BleepingComputer thinks it could just be the law enforcement agents tinkering with the supposedly seized servers, others believe that REvil’s about to get back to business.

“REvil took time to refit, retool, and take a bit of a holiday over the summer. The fact their sites are back online means they are, again, ready for business and have targets in mind,” security vendor Exabeam’s chief security strategist, Steve Moore, tells TechRadar Pro.

In fact, Moore goes as far as to suggest that the ransomware operator has “undoubtedly” already laid their hands on a compromised software supply chain.

“The technique began in espionage and has now been borrowed for criminal activity; this campaign hasn't started yet – but will very soon,” warns Moore.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
