A Russian hacker who collaborated with the well-known REvil group confirmed that the cybercriminals have returned to active work after a two-month break. He named political reasons as the main cause of the temporary suspension of their activities. This contradicts the claims of REvil members themselves, who attributed the pause to precautions taken after the disappearance of one of the community members.
An anonymous cybercriminal said that the group initially planned only to suspend its activities, not to end them completely. According to him, this step was due to the difficult geopolitical situation.
“They told key business partners and malware developers that there was no cause for concern and that cooperation would not be suspended for long,” the hacker said. Asked whether the Russian leadership had influenced the decision of the country's most famous group to hide for a while, the Russian hacker noted that such an option is hardly possible. According to him, there is no evidence to suggest any connection between REvil and the government or intelligence services of Russia or other countries. Moreover, no one discusses such a topic on a serious level on the darknet.
“It is not surprising that the hacker group responsible for high-profile attacks on American infrastructure took precautions after the conversation between the US and Russian presidents,” the anonymous hacker stressed. “Geopolitical factors are always taken into account in a business of this level, although this is the first time I have encountered a situation where a group has been forced to curtail its activities relatively unexpectedly.”
REvil’s return was announced last week when the group’s site on the darknet became active again after two months of downtime. Shortly after that, community members stated in messages on one of the Russian forums that the temporary suspension was dictated by precautionary measures. These were allegedly prompted by the disappearance of one of the REvil members: “We backed up and disabled all the servers. We thought he had been arrested. We waited — he didn’t show up, and we restored everything from backups.”