REvil ransomware gang sites go dark, for reasons that remain unclear
The ransomware gang behind a string of recent attacks that netted tens of millions of dollars may have been too successful for its own good.
REvil, the Russian-speaking hacking crew that claimed responsibility for a hack at the IT firm Kaseya that yielded perhaps thousands of victims, largely went dark Tuesday morning, according to multiple security researchers. The dark web site where REvil typically posts victim data and a payment site suddenly went down, while one site apparently ceased responding to Domain Name System requests.
The cause of the outages was not immediately clear. Ransomware gangs frequently shutter their operations, update their tradecraft or evolve into different extortion techniques after profitable periods.
The White House recently said it reserves the right to “take any necessary action to defend its people and its critical infrastructure” in the face of costly digital extortion attacks.
REvil, widely suspected to be based in Russia, is the prime suspect in hacks against the global meat supplier JBS, an incident involving the law firm of former President Donald Trump and the theft of data from an Apple supplier, among others. The group reaped some $123 million in 2020 alone, according to one IBM estimate.
President Biden has repeatedly urged Russian President Vladimir Putin to take action against ransomware gangs operating in that country. Putin typically has rebuffed such requests.
The U.S. Department of Justice did not respond to a request for comment on Tuesday.
Before the U.S. elections in November 2020, American officials and Microsoft both took separate actions against another hacking collective, TrickBot. The Microsoft activity included tracking technical infrastructure associated with TrickBot, learning specific IP addresses associated with servers that attackers used to control the botnet, and then disabling those machines.