Russian cyber gang REvil, blamed for global ransomware attack, disappears
REvil, the Russia-linked cyber gang blamed earlier this month for a massive ransomware attack that affected hundreds of businesses globally, has vanished from the web.
As of Tuesday morning, the group’s public website, the
dark-web site the gang used to facilitate its ransom negotiations and the site
that victims used to pay the ransom fees were all offline, multiple
cybersecurity analysts said.
It’s not clear what led to the Russia-linked
ransomware-as-a-service group’s websites going dark.
But the sudden outage came just days after President Biden
said he pressed Russian President Vladimir Putin to act against hackers that
are operating from Russia.
“I made it very clear to him that the United States expects
when a ransomware operation is coming from his soil, even though it’s not
sponsored by the state, we expect him to act,” Biden told reporters last week
after a call with Putin.
Ransomware attacks, often orchestrated by Eastern European
hacking groups, have surged over the past 18 months as the pandemic and
work-from-home accommodations have made businesses especially vulnerable to
cybercrime.
Last month, JBS Foods, the world’s largest meat supplier,
was hit by a ransomware attack that the FBI accused REvil of orchestrating. JBS
eventually paid an $11 million ransom to resolve the attack, which threatened
to disrupt US meat supply.
And earlier this month, REvil claimed to be behind a
sweeping ransomware attack that disrupted operations at hundreds of companies
around the world. The hackers targeted software company Kaseya and demanded $70
million in Bitcoin as ransom.
Rep. John Katko, the top Republican on the House Homeland
Security Committee, called the attack a “moment of reckoning” in US-Russia
relations.
“Only weeks after President Biden sat down with Putin and
allegedly talked a tough game with Russia, hackers from Russia again attacked
thousands of U.S. companies, compromising our nation’s critical
infrastructure,” the top-ranking House Homeland Security Committee Republican
said.
“Adversaries like Russia are creating safe havens for bad
actors and we must project strength,” the New York lawmaker added.
The sites linked to REvil could have gone dark for a variety
of reasons, cybersecurity analysts said. It’s unclear if the group took their
own sites down or whether law enforcement from any country intervened.
Last week, after Biden said that the US expects Russia to
act against the group, a reporter asked Biden if he would take down the group’s
servers if Putin failed to.
“Yes,” the president said.
In addition to REvil’s websites, “all of their
infrastructure” used to control their hacking operations is also dark, Allan
Liska, an intelligence analyst who tracks ransomware for the cybersecurity firm
Recorded Future, told Politico.
The REvil episode comes after another ransomware gang that
was believed to be based in Russia, DarkSide, attacked Colonial Pipeline,
spurring gas shortages and panic buying across the Southeast US in May.
The company that operates the pipeline paid about $4.3
million in ransom to the group, but the Justice Department announced last month
that it was able to recover the payment and shutter the group.