Dark websites linked to the Russia-based REvil cyber gang were down on Tuesday, just two weeks after the group launched a large-scale ransomware campaign that affected more than 1,500 businesses worldwide, according to CNBC.
Why is this important: It is unclear whether the sites – which REvil uses to facilitate its ransom negotiations – are down due to a technical issue, a law enforcement operation or some other explanation. The group’s public spokesperson has also remained silent on message boards since last week, according to Politico.
- President Biden called Russian President Vladimir Putin on Friday to ask him to crack down on cybergangs operating in Russia.
- He warned that the United States would take action to “defend its people” from ransomware attacks, and suggested that this could include taking hackers’ servers offline.
Rollback: DarkSide, another Russia-based hacking group, went out of business after shutting down the Colonial Pipeline in a ransomware operation, leading to widespread gas shortages in the United States for several days.
- The Department of Justice later announced that US investigators had gained access to the infrastructure used by DarkSide to conduct its extortion operations and recovered part of the ransomware payment that the pipeline had given to the group to regain access. to his computers.
Yes, but: Security experts have said that groups of cybercriminals sometimes disband and return under different names, so it is currently impossible to determine whether the disruption of REvil websites is permanent.
The big picture: The full extent of REvil’s latest ransomware operation is still unknown.
- The group was responsible for several other major ransomware attempts, including one that forced major meat supplier JBS to briefly shut down its beef plants in the United States.
- At one point, REvil demanded $70 million to restore data they demanded for ransom during the 4th of July weekend operation that targeted Kaseya software, although it is currently unclear how much. companies have paid ransoms.
Go further: Kaseya ransomware attack size assessment