REvil Ransomware Site Goes Offline


Image: Andrew Brookes via Getty

Screen Shot 2021-02-24 at 3

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.

Multiple websites linked to the infamous ransomware gang REvil are currently offline, according to multiple security researchers. REvil is the group linked to the recent hack of information technology firm Kaseya which an REvil affiliate used to then ransom a wealth of other companies around the world.


“Onionsite not found,” an error message currently reads when visiting REvil’s dark web site where the group ordinarily posts data stolen from victims.

Lawrence Abrams, owner of information security publication BleepingComputer, said in a tweet that the downtime extended to “all” of REvil’s sites, including their sites used for ransom payment.

Pseudonymous research group vx-underground added in a tweet that “Unknown,” a representative for REvil, has not posted on popular hacking forums Exploit and XSS since July 8.

Do you have new information about REvil? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on, or email

The reason for the downtime is unclear. Sometimes dark web sites temporarily go offline and swiftly return. The site has been down now for over eight hours. Vx-underground added that the dumping site became unresponsive at 1AM EST.

REvil is a hugely prolific ransomware group, and was also responsible for the attack on the world’s largest meat producer JBS. The group is Russian speaking.

President Biden told President Putin last Friday that Russia must “take action” against cybercriminals based in the country who target the United States. Russian and U.S. officials are meeting this week to discuss the issue.