The ransomware group linked to Russia behind some of the biggest recent cyber attacks has disappeared from the Internet. According to CNBC, Reuters and The Washington Post, the websites managed by the REvil group went down in the early hours of Tuesday. Dmitry Alperovitch, former chief technology officer of cybersecurity company CrowdStrike, told the Post that the group’s blog on the dark web is still accessible. However, the critical sites that victims use to negotiate with the group and to receive decryption tools if they pay are no longer available. Visitors to those websites now see a message that says “A server with the specified hostname cannot be found.”
REvil has taken responsibility for a recent series of ransomware attacks that affected about 800 to 1,500 businesses worldwide, including schools. It has asked for $70 million to restore the data it has stolen and encrypted. Prior to that, experts linked the group to ransomware attacks on the IT management software giant Kaseya and meat supplier JBS, which chose to pay $11 million to get its data back.
It is unclear why REvil's websites are no longer accessible. As Reuters noted, ransomware gangs tend to disappear and rebrand when they attract too much attention. President Biden recently said he told Russian President Vladimir Putin that he expects his government to act on ransomware attacks coming from his country. When asked if the United States would attack the servers Russian cybercriminals use to hijack American networks, Biden replied with a resounding “Yes”.
Alperovitch told the Post that it does not appear that REvil’s servers have been attacked, which means that an offensive cyber operation launched by US authorities is unlikely. Kurtis Minder, the founder of threat intelligence company GroupSense, told Reuters that if REvil’s downed sites really are the result of an offensive operation mounted by the US government, he hopes that “collateral damage was a consideration.” The attackers hold the key to the data being ransomed, and victims will have a hard time recovering it if that key is destroyed or lost.