Ransomware Gang REvil Vanishes From Web After Biden Warning
(Bloomberg) -- The Russia-linked ransomware gang REvil has seemingly vanished from the dark web, where it maintains several pages documenting its activities including one called the “happy blog.”
It’s not yet known if the sites were down temporarily or if the group -- or law enforcement -- took its websites offline.
“It’s too early too tell, but I’ve never seen ALL of their infrastructure offline like this,” said Allan Liska, senior threat analyst at cybersecurity firm Recorded Future Inc., in a text message. “I can’t find any of their infrastructure online. Their extortion page is gone, all of their payment portals are offline, as is their chat function.” Liska said the websites went offline around 1 a.m. Eastern time.
The sudden outage comes just days after President Joe Biden said he pressed Russian President Vladimir Putin to act against hackers in his country blamed for recent ransomware attacks.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though its not sponsored by the state, we expect him to act,” Biden told reporters.
Representatives from the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the White House didn’t immediately respond to a request for comment. Kremlin spokesman Dmitry Peskov declined to comment, saying he wasn’t aware of the outage.
On Monday, Peskov said Russia is awaiting detailed information from the U.S. on alleged cyberattacks conducted from Russian territory. “You say that hackers attacked some companies on U.S. territory from the territory of Russia, but at a minimum, you need to give some information about what the basis for those conclusions is,” he said. The White House has said it has shared information about criminal hackers with the Russian government.
REvil, which is suspected by cybersecurity firms and the U.S. government of operating out of Russia, was accused of being behind an attack on giant meat supplier JBS SA, which eventually paid the group $11 million ransom.
More recently, the group embarked on a wide-scale ransomware attack, which affected hundreds of companies globally. The hackers targeted software company Kaseya Ltd. and its customers.
The Biden administration has made combating criminal hacking groups a top national security priority amid a sharp increase in ransomware attacks. DarkSide, the suspected Russian group accused of the ransomware attack on Colonial Pipeline Co., shut down its dark web pages afterward. It’s unclear if the group actually retired, or rebranded under a new name, according to cybersecurity experts.
©2021 Bloomberg L.P.