The website of a Russia-linked ransomware gang accused of attacking a number of companies around the world has been taken offline.
The websites and paid blogs run by the R-Evil group suddenly became inaccessible on Tuesday.
The explanation for the disappearance is unclear, but a theory has emerged that the group may be of deliberate interest to the authorities.
The move comes amid growing pressure from the U.S. and Russia over cybercrime.
U.S. President Joe Biden said he raised the issue in a conference call Friday after discussing it with the Russian president at a summit in Geneva last month.
I made that clear to him,” Biden told reporters. …… We want them to do something about that data,” he said, suggesting the U.S. could take direct digital retaliation against the servers used in the hacking.
The timing of Tuesday’s shutdown led to speculation that U.S. or Russian authorities had taken action against R. Evil. However, authorities have so far refrained from commenting and cyber experts say the sudden disappearance of the teams is not unusual.
The incident is the latest in a series of high-profile ransomware attacks that hit major U.S. companies in December.
The FBI blamed REvil, also known as Sodinokibi, for the ransomware attack that hit JBS, the world’s largest meat processing company, last month.
- The emergence of life-threatening ransomware
- Should it be illegal to pay ransom to hackers?
The group is reportedly very prolific and last week demanding a huge bitcoin ransom in an attack on companies around the world, including IT agency Kaseya.
The Russian-linked ransomware group behind the largest cyberattack in recent times has disappeared from the network. According to CNBC, Reuters and the Washington Post, the website operated by the REvil group was shut down in the early hours of Tuesday morning. Dmitri Alperovic, former technical director of the cyber agency CrowdStrike, told The Put up that the group’s blogs were accessible even in the middle of the night.
However, the main websites that victims used to interact with the organization and get decryption tools after paying are no longer available. When accessing these sites, a message appears stating “unable to find a server with the correct hostname”.
REvil is responsible for a recent ransomware attack that affected 800 to 1,500 companies worldwide, including universities. It is demanding $70 million to recover the stolen and encrypted information. Experts have already linked the organization to ransomware attacks on Kaseya, a leading IT management program, and JBS, a beef supplier that decided to pay $11 million to get its information back.
It is unclear why the REvil website was inaccessible. According to Reuters, ransomware gangs typically disappear and change their names when they attract too much attention. Biden recently revealed that he told Russian President Vladimir Putin that he expects Russian authorities to take action against ransomware attacks originating in Russia. Asked whether the U.S. would attack the servers used by Russian cybercriminals to hack into U.S. networks, Biden said “absolutely.”
New York Times
Alperovich told The New York Times that REVIL’s servers do not appear to have been attacked and that it is unlikely that U.S. authorities have conducted offensive cyber operations. Curtis Minder, founder of threat analysis agency GroupSense, told Reuters that if the attack on the REVil website was indeed the result of an offensive operation launched by U.S. authorities, “we would hope that collateral damage would be considered.” Unscrupulous actors hold a significant amount of information that they ransom, and if that key is compromised or lost, it will be difficult for the victim to recover the information.
Another quote from my interviewee hints at the bigger picture. He told me that he had no intention of retiring and was already planning a new, unknown adventure. He warned, “If you let one go, others will emerge.