REvil, also known as Sodinokibi, has used a number of websites, on both the clear web and the dark web, to conduct its operations. On the dark web, its site is known as the Happy Blog.
On 2 July, the gang hit about 60 MSPs using a zero-day flaw in the Kaseya VSA remote management software. Kaseya is a solutions developer for MSPs.
There has been speculation that the dark web operations of REvil had disappeared due to a technical issue. But the return of the site at this time indicates that the operators were merely lying low.
That was ramped up further after the Kaseya incident, with US President Joe Biden raising the issue with his Russian counterpart, Vladimir Putin, during talks.
Many ransomware gangs are based in Russia but appear to be free to operate provided they do not attack sites within the country.
REvil has been one of the most prolific ransomware groups since this genre of malware became the top issue affecting the network security of companies running Windows.