Cybercriminals claiming to be part of the REvil ransomware group have alleged that the gang is closing shop after losing control of vital infrastructure and having internal disputes.
Recorded Future security expert Dmitry Smilyanets shared multiple messages on Twitter from ‘0_neday’ — a known REvil operator — discussing what happened on the cybercriminal forum XSS. He claimed someone took control of the group’s Tor payment portal and data leak website.
In the messages, 0_neday explains that he and “Unknown” — a leading representative of the group — were the only two members of the gang who had REvil’s domain keys. “Unknown” disappeared in July, leaving the other members of the group to assume he died.