REvil ransomware gang inexplicably disappears from the internet
“All the REvil sites are down, including the payment sites and the data leak site,” tweeted Lawrence Abrams, creator of the information security blog BleepingComputer. “The public representative of the ransomware gang [sic], Unknown, is strangely calm.”
The ransomware works by locking down a computer network, stealing and encrypting data until victims agree to pay a fee.
Those who refuse may find their information leaked online. In recent years, ransomware gangs have attacked hospitals, universities, police departments, city governments, and a wide variety of other targets.
A source familiar with the matter told CNN that the House Intelligence Committee had not been made aware of what caused REvil to go dark. A staff member of the Senate Intelligence Committee said “no comment” when asked if the committee had been made aware of the situation.
REvil obtained $11 million from victims during its operation, according to cryptocurrency payment tracker Ransomwhere.
The sudden disappearance of the group has sparked much speculation about what may have happened. Theories range from planned system downtime to a coordinated government strike. But at this point, the experts are still guessing. The FBI and US Cyber Command declined to say if they could have been involved.
“This outage could be criminal maintenance, a planned retirement or, more likely, the result of an offensive response to the criminal enterprise – we don’t know,” said Steve Moore, chief security strategist at the cybersecurity company Exabeam.
Dmitri Alperovitch, chairman of the Silverado Policy Accelerator think tank and co-founder of cybersecurity firm CrowdStrike, speculated that Western governments could be pressuring internet infrastructure companies not to respond to web browser requests for REvil sites. (Alperovitch no longer works at CrowdStrike.)
Drew Schmitt, senior threat intelligence analyst at GuidePoint Security, warned that while the inability to connect to REvil sites may be a potential indicator of law enforcement involvement, it does not prove it conclusively.
“Last week the REvil site was also down a bit,” he said in a statement to CNN.
REvil is among the most prolific ransomware attackers, according to cybersecurity firm Check Point. In the past two months alone, REvil has carried out 15 attacks per week, Check Point spokesman Ekram Ahmed said.
Given the attention it has garnered, REvil may have intentionally chosen to keep a low profile for a while, Ahmed added. “We recommend that you don’t jump to any immediate conclusions as it’s early days, but REvil is, indeed, one of the most ruthless and creative ransomware gangs we’ve ever seen.”
Anne Neuberger, the White House’s top cyber official, was traveling with Biden on Tuesday, though her reasons for accompanying the president to Philadelphia are unclear. A White House spokesperson did not immediately respond to a request for comment.