Destructive hacking group REvil could be back from the dead

By Alex Blake Published April 22, 2022

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil — until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Person typing on a computer keyboard. — Image used with permission by copyright holder

Now, it looks like REvil’s sites on the dark web are back in action. According to Bleeping Computer, REvil’s websites are up and running and filled with information new and old, including a list of previous hacking victims alongside a couple of new ones. The hacking group’s domains are accessible through the Tor Browser, which masks URLs to facilitate user privacy.

Recommended Videos

Security researchers became aware of the new activity while monitoring the hacking forum RuTOR, where they saw an advertisement promoting REvil’s services with a new website that redirects to its old domain. The group’s updated services include an apparently improved version of the REvil ransomware, along with an 80/20 revenue-sharing model.

Does this mean that the original REvil crew has somehow been resurrected for another round of high-profile hacks and mischief? Well, that’s not entirely clear. Aside from the fact that the group was gutted by multiple law enforcement investigations around the world, there are other reasons to be suspicious.

For one thing, the website’s code is littered with references to other hacking groups, which might imply that a different malware gang has somehow taken control of REvil’s website. Another possibility is that the new site is a “honeypot” maintained by law enforcement or some other group and designed to capture information about potential clients of REvil.

For now, the mystery remains unsolved. But if REvil is indeed back from the grave — or another hacking group has decided to take it over — it doesn’t bode particularly well for the future, especially considering the havoc caused by hacking group LAPSUS$ in recent months. If you want to stay safe, you can start by ensuring you’re protected by one of the best antivirus apps available and avoid clicking suspicious links on the web or in your emails.

Topics

Computing Writer

Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…

Computing

This powerful ChatGPT feature is back from the dead — with a few key changes

A laptop screen shows the home page for ChatGPT, OpenAI's artificial intelligence chatbot.

ChatGPT has just regained the ability to browse the internet to help you find information. That should (hopefully) help you get more accurate, up-to-date data right when you need it, rather than solely relying on the artificial intelligence (AI) chatbot’s rather outdated training data.

As well as giving straight-up answers to your questions based on info found online, ChatGPT developer OpenAI revealed that the tool will provide a link to its sources so you can check the facts yourself. If it turns out that ChatGPT was wrong or misleading, well, that’s just another one for the chatbot’s long list of missteps.

Computing

Update your Apple devices now to fix these dangerous exploits

A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Computing

This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram

A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.