REvil Servers Back Online


The REvil ransomware gang's servers are back online after a shutdown 2 months ago, with new victims listed on its site and an explanation of why it took a break. According to their site, one of their coders made a mistake, generated a universal key, and issued it along with a bunch of keys for one machine. They explained that the encryption process allows for generation of either a universal decryptor key or individual keys for each victim's encrypted machines. In the process of generating the keys for Kaseya and its victims, REvil had to generate between 20 and 500 decryption keys for each victim, because the victims in the attack all had networks of different sizes.

According to sources speaking to Advanced Intelligence, that explanation may be fake. According to Yelisey Boguslavskiy, head of research at Advanced Intelligence, the explanation provided regarding the misclick generation of the decryption key is ridiculous and doesn't make any sense in the context of how contemporary ransomware operations work. Boguslavskiy also noted that REvil is perceived as liars who are not as capable as they claim to be. He referenced REvil's claims that it has access to US military infrastructure to illustrate how ridiculous REvil can be.


On the same day that REvil's servers came back up, their Tor payment site was also back online. Victims could log in and negotiate with the group again. Those victims had been left without a decryption key and with no way to negotiate the ransom. Now the victims' timers were reset. REvil's active development has also restarted, as new REvil ransomware samples were uploaded to VirusTotal. It's not all back to normal for REvil though, since UNKN, who was the core developer, hasn't reappeared. It's also very likely that other elite REvil developers have merged with or formed new groups.

REvil is apparently looking to re-establish its credentials. It looks like REvil is trying to patch things up with disgruntled affiliates who missed out on payouts after the group's disappearance. When REvil went back up, some hackers opened arbitration cases against REvil on underground forums. One hacker, boriselcin, opened an arbitration case against REvil's UNKN on the Russian-language forum XSS. The hacker claimed that UNKN owed them money and wanted to be paid now that the group is back up and running. The case was closed with boriselcin stating it had been resolved.