REvil ransomware group reportedly taken offline by multi-nation effort

3 years ago 237

Law enforcement officials and cyber specialists hacked into REvil's network, gaining power of immoderate of its servers, sources told Reuters.

20210625-ransomware-karen.jpg

Image: Mackenzie Burke

The infamous REvil ransomware radical has reportedly been dealt a terrible blow, courtesy of an cognition conducted by officials successful the US and different countries. Law enforcement and quality cyber specialists hacked into REvil's machine web infrastructure, thereby taking power of astatine slightest immoderate of the group's servers, Reuters said connected Thursday, citing accusation from 3 backstage assemblage cyber experts moving with the US, arsenic good arsenic 1 erstwhile official.

SEE: Ransomware: What IT pros request to cognize (free PDF) (TechRepublic)

"The FBI, successful conjunction with Cyber Command, the Secret Service and like-minded countries, person genuinely engaged successful important disruptive actions against these groups," VMware caput of cybersecurity strategy Tom Kellermann told Reuters.

"REvil was apical of the list," added Kellermann, who besides serves arsenic an advisor to the .US. Secret Service connected cybercrime investigations.

At this point, REvil's "Happy Blog" website, done which it leaked stolen information from its victims and happily held it for ransom, is nary longer accessible. A alleged "leadership figure" for REvil known arsenic "0_neday," who helped restart the gang's operations aft it antecedently unopen down, revealed that REvil's servers had been hacked by an chartless party, Reuters said.

"The server was compromised, and they were looking for me," 0_neday wrote connected a cybercrime forum initially seen by information steadfast Recorded Future. "Good luck, everyone; I'm off."

Reuters didn't bespeak specifically which of the different group's websites and services person been taken down. But the full concern seems to beryllium a lawsuit of REvil getting caught successful its ain trap.

Following an onslaught that impacted enterprise IT steadfast Kaseya and its proviso concatenation this past summer, REvil's Happy Blog and different online sites went offline with nary wide mentation why. Some experts said the radical was conscionable laying low. Others said it mightiness person disbanded. Some thought the US authorities oregon different authoritative entities mightiness person chopped its online cord.

In September, 0_neday and different members of the radical restored their websites from a backup. But that enactment seemingly restarted immoderate interior systems that were already nether the power of instrumentality enforcement arsenic portion of an cognition to hack into and compromise REvil.

"The REvil ransomware pack restored the infrastructure from the backups nether the presumption that they had not been compromised," Oleg Skulkin, lawman caput of the forensics laboratory astatine the Russian-led information institution Group-IB, told Reuters. "Ironically, the gang's ain favourite maneuver of compromising the backups was turned against them."

SEE: Infographic: The 5 phases of a ransomware attack (TechRepublic)

Though the FBI declined Reuters' petition for comment, 1 idiosyncratic acquainted with the events said that a overseas spouse of the US authorities carried retired the hacking cognition against REvil. A erstwhile US official, who spoke connected information of anonymity, told Reuters that the cognition is inactive active.

Organizations successful the US and elsewhere person been shaken by respective high-profile ransomware attacks this year. REvil brought undue attraction to itself pursuing the Kaseya incident, which impacted much than 1,000 organizations crossed the proviso chain. Another attack against nutrient processing institution JBS Foods further shined a airy connected REvil. The attack against Colonial Pipeline attributed to Darkside raised concerns astir the vulnerability of captious infrastructure.

As a result, the White House and different authoritative authorities entities person resolved to ace down connected ransomware gangs and operations. This effort to instrumentality down REvil shows that instrumentality enforcement is much than consenting to play hard shot to halt these transgression enterprises.

"Hopefully a wide connection is being sent that moving a ransomware concern is not worthy the risks immoderate longer," said Chuck Everette, manager of cybersecurity advocacy astatine Deep Instinct. "With REvil being taken off-line, this tin decidedly beryllium counted arsenic a payment for those successful the cybersecurity defence area. The 1 happening to enactment present is determination are plentifulness of different ransomware transgression gangs acceptable to measurement successful and instrumentality backmost implicit the areas vacated by REvil. We tin lone anticipation that this government-assisted shutdown volition person a antagonistic interaction connected the operations of the different gangs owed to fearfulness of it happening to them arsenic well."

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article