REvil ransomware’s servers reappear without fanfare or explanation
Brett Callow of Emsisoft broke the unpleasant news on Twitter last night — REvil’s dedicated leak site, “The Happy Blog,” which had disappeared after the Kaseya supply chain attack, had reappeared at its old onion address.
— Brett Callow (@BrettCallow) September 7, 2021
There have been no new listings since their sudden, unannounced disappearance in July — at least not yet — but the news predictably generated some buzz and speculation, as the Sodinokibi operators have presumably been collaborating with DarkSide and other threat actors these days. Lawrence Abrams of BleepingComputer raises the possibility that the server may have been turned back on by law enforcement.
Eventually, we will find out more. REvil’s “Unknown” has not been shy about issuing press releases or talking to reporters, so we may learn more soon.