Russian-Based Ransomware Group's Websites Offline, Researchers
July 14, 202
A Russian-based hacker group blamed for a massive ransomware
attack earlier this month has gone offline, sparking speculation
about whether the move was the result of a government-led
The webpages of the group known as REvil disappeared from the
dark web on July 13, cybersecurity researchers said. Both its
data-leak site and ransom-negotiating portals were unreachable.
The researchers said that it was unclear whether the outage was
the result of actions taken by law enforcement or whether REvil
had voluntarily taken down its sites.
"The situation is still unfolding, but evidence suggests REvil
has suffered a planned, concurrent takedown of their
infrastructure, either by the operators themselves or via
industry or law enforcement action," John Hultquist of Mandiant
Threat Intelligence said in a statement quoted by AFP.
The White House and U.S. Cyber Command declined to comment,
according to the Associated Press.
REvil was responsible for a ransomware attack launched July 2
targeting the U.S. software company Kaseya that crippled more
than 1,000 businesses globally. The group claimed credit for the
attack and demanded $70 million worth of bitcoin as ransom to
decrypt software and allow the businesses targeted to access
experts have said the group was also behind an attack in late
May against the meat processor JBS. The Brazilian-based company
ended up paying $11 million in bitcoin to the hackers.
U.S. President Joe Biden repeated a warning to Russian President
Vladimir Putin during a call July 9 that he would "take action"
against Russian-based groups. Biden also told Putin that the
United States would take "any necessary action" to defend
Americans and critical infrastructure threatened by cyberattacks.
Biden had previously warned Putin about ransomware attacks
during the two leaders’ summit in June.
Alex Holden, founder and chief information security officer of
Hold Security, said the company had seen no indication that the
REvil websites were voluntarily shut down or any indication of
steps from law enforcement.
"There is always a glimmer of hope that Russia is finally doing
something right," he added.