The REvil ransomware group’s message on the dark web stirs rumors about their return after months of dormancy, fueling concerns over their intentions and capabilities.
Various organizations took platform X to bring attention to the return of REvil group by tweeting, “Not REvil is back.” The tweet also referred to a fake REvil account that had purportedly planned to attack the SWIFT system alongside KillNet.
The resurfacing of this group, whether in the form of a fake, rekindles concerns about potential cyber threats to European banking systems.
Return of REvil group: A Cryptic Message Sparks Fears of Cyberattacks
The message posted by REvil ransomware group in Russian stated, “We are on vacation for a very long time, sorry, but without the rest, we will become zombies. How are our friends from KillNet doing? I heard about their ‘painting’ on the continent of Europe in three letters. It’s funny and unique, but what about robbing all the banks of Europe?”

(Photo Credit: X)
The reference to “robbing all the banks of Europe” highlighted on the REvil’s fake account may suggest that the threat of a massive financial attack is far from over.
Return REvil Group Ignite Potential Alliance: A Resurgent Threat
Previously, in June 2023, the group had formed an alliance with KillNet and Anonymous Sudan, threatening a massive cyberattack against European banking systems, particularly targeting the SWIFT international communications system.
These hacking groups made headlines by jointly declaring their intention to launch a “destructive” attack on the entire European financial system, with a primary focus on disrupting SWIFT.
Their motivations were rooted in their perception of Europe’s involvement in the Ukraine-Russia conflict, and their intent to retaliate.
Security experts were quick to highlight the seriousness of these threats, especially given KillNet’s notoriety for powerful distributed denial of service (DDoS) attacks.
REvil Group’s Return Message Puts Europe’s Financial Sector on High Alert
The previous collaboration between REvil, KillNet, and Anonymous Sudan highlights the potential for destructive cyberattacks that could destabilize the European financial sector.
As technology and tactics continue to evolve, staying ahead of these threats remains a top priority for security professionals.
The return of REvil group, even if it is in a questionable form, serves as a reminder of the persistent and ever-evolving threat landscape in the world of cybersecurity.
The history of threats made by these groups in June 2023 warrants continued vigilance and preparedness within the financial sector to ensure the safety and integrity of European banking systems.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.