UPDATED 21:29 EDT / SEPTEMBER 08 2021

SECURITY

Infamous ransomware gang REvil returns to the dark web

Infamous ransomware gang REvil has returned to the dark web, the shady corner of the internet reachable with special software, after disappearing in July amid pressure from the U.S. government on Russia to act on ransomware groups operating in the country.

REvil, also known as Sodinokibi, was before its disappearance a prolific ransomware group linked to dozens of attacks. Its most high-profile attack before going dark involved targeting companies using information technology management software from Kaseya Ltd.

The Kaseya attack started with a supermarket chain in Switzerland and then spread to thousands of businesses. REvil demanded a ransom payment of $70 million in bitcoin to publish a key that could be used to decrypt its victims’ files. The size of the attack caught the attention of the White House, which threatened to take action against Russia if the ransomware attack was linked to the country.

Kaseya subsequently obtained a master decryptor for the attack’s victims from an unnamed third party on July 22, after REvil had disappeared. The company declined to say from whom it obtained the decryptor or whether it had made a ransom payment.

Bleeping Computer reports that the “Happy Blog,” the leak site REvil used to communicate with and pressure its victims, has reappeared on the dark web. The last entry on the blog is dated July 8, five days before the site previously went offline.

Whether the reappearance of the Happy Blog indicates that REvil is set to return to operations is open to speculation.

“Right now, there is a lot of bad information out there,” Adam Flatley, director of threat intelligence at advanced threat protection company Redacted Inc., told SiliconANGLE. “Some people are rushing to judgment and posting information that turns out to be false. What we can say is that REvil’s ‘Happy Blog’ and their victim communication site have come back online. But there is no confirmation of new victims or new malware samples at this time.”

Flatley added that several false reports from information security experts have already appeared and later been retracted. “It would be best if everyone would take a breath, study the situation and double-check their facts before rushing to be the first to notify the world of something,” he said.

Photo: U.S. Air Force
