REvil ransomware group resurfaces online nearly two months after going dark


REvil, the so-called “ransomware-as-a-service” provider blamed for some of the biggest cyberattacks of the year, has resurfaced nearly two months after its sudden disappearance from the internet.

A few keen observers noted on social media Tuesday that “Happy Blog,” a darknet website run by REvil, has recently become accessible once again. It remained accessible Wednesday afternoon.

REvil caused major damage in early 2020 by licensing its proprietary ransomware to cybercriminals and then successfully distributing it to victims, including meat giant JBS USA and software firm Kaseya.

In several cases, the “Happy Blog” published data stolen from victims of ransomware attacks and threatened to leak more if payment was not made through a dedicated online portal.

REvil’s online presence suddenly went dark on July 13, sparking rumors at the time about whether those involved were halting their operations due to growing pressure from the US and abroad.

US officials have said they believe REvil is based in Russia, and the White House singled out the group multiple times in the weeks before its “Happy Blog” websites and payment portal suddenly disappeared.

But while the Biden administration announced the disappearance of REvil nearly two months ago, the White House did not tell reporters whether the US government was involved in any way.

Days after REvil’s disappearance in July, a senior White House official described it as a “very positive” development, adding: “This is a group that has had a tremendous negative impact on victims worldwide.”

Emsisoft security researcher Brett Callow said Wednesday on social media that both the “Happy Blog” and the darknet version of REvil’s payment portal are back up and running.

“It is possible that they brought the sites back online to allow them to receive payment from previous victims who had not yet recovered their data,” Mr Callow said on Twitter.

Darknet sites known as “hidden services,” such as “Happy Blog,” are meant to be visited using special browsing software. A surface web version of the blog that disappeared in July remains offline.
