REvil, Hacking Group Behind Major Ransomware Attack, Disappears


Just days after President Biden called President Vladimir V. Putin of Russia and demanded that he act to shut down ransomware groups that are attacking American targets, probably the most aggressive of the groups suddenly went offline early Tuesday morning, terminating negotiations over ransom payments and even bringing down the website where it boasted about its most profitable extortion schemes.

The mystery is who made that happen.

The group, known as REvil, short for “Ransomware evil,” has been identified by U.S. intelligence agencies as responsible for the attack that brought down one of America’s largest beef producers, JBS. Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, REvil took credit for a hack that affected hundreds of companies around the world over the July 4 holiday.

That latest attack led to Mr. Biden’s ultimatum in a phone call on Friday to the Russian president. Later, Mr. Biden said “we expect them to act,” and when asked by a reporter later if he would take down the group’s servers if Mr. Putin didn’t, the president simply said, “Yes.”

He may have done exactly that. But that is only one possible explanation for what happened around 1 a.m. Eastern time on Tuesday, when the group’s sites on the dark web suddenly disappeared. Gone was the publicly available “happy blog” that the group maintained, listing its victims, and internet security groups said the custom-made sites where victims negotiate with REvil over how much they’ll pay to get their data unlocked were also missing.

While their disappearance was celebrated by many who see ransomware as a new scourge, one that Mr. Biden has called a critical national security threat, it left some of the group’s targets in the lurch — unable to pay the ransom to get their data back and their businesses back up and running.

“What’s the plan for the victims?” asked Kurtis Minder, the chief executive of Groupsense, a digital risk protection firm that was negotiating with the extortionists on behalf of a regional law firm whose data was stolen.

There were three main theories floating around about why REvil, which seemed to revel in the publicity and reaped huge ransoms — including $11 million from JBS — suddenly disappeared.

One is that Mr. Biden ordered the United States Cyber Command, working with domestic law enforcement agencies, including the F.B.I., to bring the group’s sites down. Cyber Command proved last year that it could do just that, paralyzing a ransomware group that it feared might turn its skills to freezing up voter registrations or other election data in the 2020 election.



Source link Nytimes.com
