REvil claims to have stolen a variety of different data from Midea, including its product lifecycle management (PLM) system - containing blueprints and firmware source code - as well as financial information intended for sale.

After analyzing REvil's dark web site, "ODN" believes that REvil has indeed made a comeback, and that it is not a phishing operation of the Russian Federal Security Service.

According to Trustwave SpiderLabs, members of the underground forum believe their countries are no longer safe havens and fear arrest. Some have suggested moving their ransomware operations to India, China, the Middle East or Israel.

Bitdefender is actively supporting this investigation by providing key technical insights throughout the process, as well as providing decryption tools for both prolific ransomware families to help victims recover their files. kpn and McAfee Enterprises are additional supportive partners who are also supporting the investigation by providing technical expertise to law enforcement. This investigation.

The hijack was first discovered by Dmitry Smilyanets of Recorded Future, who noted that an unknown person had hijacked the Tor hidden service (Onion domain) using the same private key as REvil's Tor sites, and may have had backups of those sites.

Comments made by Biden administration officials in an interview with POLITICO most clearly indicate that the U.S. played no direct role in the banning of REvil's website and other online infrastructure in recent days.

REvil's dark (.onion) and clearnet(decoder.re) websites are both offline, although we do not know exactly how their sites were taken down.