Site navigation

Kaseya Ransomware Group REvil Website Goes Dark

Michael Behr


REvil ransomware goes offline
Has REvil fallen foul of the authorities, gone into hiding to avoid unwanted attention, or been hit with technical difficulties?

Websites run by notorious Russia-linked hacking group REvil, which has been linked to several major recent hacks, have gone offline.

The cybercriminal group’s blog and payment sites on the dark web were discovered to be unreachable on Tuesday, July 13th. The group makes money through ransomware attacks – without a portal for victims to pay money, the hackers are unable to do business.

In addition, their so-called “Happy Blog” was used to post details of victims who refused to pay to shame them into paying ransoms.

While the exact cause of the websites going down is unknown, the move comes after several high-profile attacks by the group, along with escalating tensions between the US and Russia over cybersecurity.

Recent major cyberattacks, such as those against SolarWinds, Microsoft Exchange, and Colonial Pipeline, have forced US President Joe Biden to take action to improve his country’s cybersecurity. With Russia-linked hacker groups connected to several of these attacks, Biden has been putting pressure on Russia and its President Vladimir Putin.

The two discussed Russia-backed cyberattacks when they met in Geneva last month. In addition, both presidents had an hour-long phone call last weekend to discuss cybersecurity.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden told reporters after the call.

He also noted that the US would act if Russia failed to do so.

At present, there is no evidence to confirm that REvil’s websites were taken down by authorities, either in the US and Russia. Until now, the Russian Government has largely provided a safe harbour for cybercriminal groups to operate in the country.

However, cybercriminal groups have been known to remove their online presences in the past. The same criminals can disappear only to rebrand and reappear later to avoid unwanted attention.

Similar hacker group DarkSide has disappeared in the aftermath of the Colonial Pipeline attack.

However, technical issues cannot be ruled out at this point.


REvil, also called Sodinokibi, hit the headlines this month after they were linked to the major Kaseya ransomware attack. By hitting a third-party software supplier, the cyberattack impacted hundreds of companies.

In return for providing a universal decrpytor, the hacker group demanded $70 million in Bitcoin. This was later reduced to $50 million. While there have been no reports that Kaseya has paid the ransom, some of the other companies have paid to receive the decryptor, with one group paying $220,000.

REvil was also linked to the recent cyberattack on meat processor JBS. The company later confirmed that it had paid the $11-million ransom to the hackers.

Michael Behr

Senior Staff Writer

Latest News

%d bloggers like this: