REvil ransomware gang inexplicably disappears from the internet

Websites and other infrastructure belonging to the cybercriminal gang, which is said to operate from Eastern Europe or Russia, went dark on Tuesday as close observers of the group discovered they were unable to connect to the REvil web page listing its victims.
Others said they were unable to log into the sites REvil uses to communicate with victims and collect ransom payments.

“All the REvil sites are down, including the payment sites and the data leak site,” tweeted Lawrence Abrams, creator of the information security blog BleepingComputer. “The public representative of the ransomware gang [sic], Unknown, is strangely calm.”

It wasn’t immediately clear why REvil disappeared, but it follows a series of high-profile hacks by the group that has taken control of computers around the world. It also comes after President Joe Biden said he warned his Russian counterpart Vladimir Putin that there would be consequences if Moscow failed to tackle ransomware attacks emanating from within its borders.
The Biden administration has increasingly identified ransomware as a threat to national and economic security, highlighting its potential to disrupt critical infrastructure on which Americans depend.

Ransomware works by locking down a computer network, stealing and encrypting data until victims agree to pay a fee.

Those who refuse may find their information leaked online. In recent years, ransomware gangs have attacked hospitals, universities, police departments, city governments, and a wide variety of other targets.

A source familiar with the matter told CNN that the House Intelligence Committee had not been made aware of what caused REvil to go dark. A staff member of the Senate Intelligence Committee said “no comment” when asked if the committee had been made aware of the situation.

Over the July 4 holiday weekend, cybersecurity experts said REvil was responsible for an attack on Kaseya, a computer software company that indirectly supports countless small businesses, including accounting firms, restaurants and dental offices.
REvil claimed responsibility for the attack, demanding a staggering ransom of $70 million to free the affected machines. U.S. officials also said REvil was behind the attack on JBS, one of the world’s largest meat packers.

REvil obtained $11 million from victims during its operation, according to cryptocurrency payment tracker Ransomwhere.

The sudden disappearance of the group has sparked much speculation about what may have happened. Theories range from planned system downtime to a coordinated government strike. But at this point, the experts are still guessing. The FBI and US Cyber Command declined to say if they could have been involved.

“This outage could be criminal maintenance, a planned retirement or, more likely, the result of an offensive response to the criminal enterprise – we don’t know,” said Steve Moore, chief security strategist at the cybersecurity company Exabeam.

Dmitri Alperovitch, chairman of the Silverado Policy Accelerator think tank and co-founder of cybersecurity firm CrowdStrike, speculated that Western governments could pressure internet infrastructure companies not to respond to web browser requests for REvil sites. (Alperovitch no longer works at CrowdStrike.)

Drew Schmitt, senior threat intelligence analyst at GuidePoint Security, warned that while the inability to connect to REvil sites may be a potential indicator of law enforcement involvement, it does not prove it conclusively.

“Last week the REvil site was also down a bit,” he said in a statement to CNN.

REvil is among the most prolific ransomware attackers, according to cybersecurity firm CheckPoint. In the past two months alone, REvil has carried out 15 attacks per week, CheckPoint spokesman Ekram Ahmed said.

Given the attention it has garnered, REvil may have intentionally chosen to keep a low profile for a while, Ahmed added. “We recommend that you don’t jump to any immediate conclusions as it’s early days, but REvil is, indeed, one of the most ruthless and creative ransomware gangs we’ve ever seen.”

Anne Neuberger, the White House’s top cyber official, was traveling with Biden on Tuesday, though her reasons for accompanying the president to Philadelphia are unclear. A White House spokesperson did not immediately respond to a request for comment.
