REvil ransomware inexplicably disappears from the internet

The websites and other infrastructure of the cybercriminal gang, believed to operate from Eastern Europe or Russia, disappeared Tuesday as observers close to the group found they were unable to connect to REvil’s web page listing its victims.
Others said they were unable to connect to the sites that REvil uses to communicate with victims and collect ransom payments.

“All REvil sites are down, including the payment sites and the data leak site,” tweeted Lawrence Abrams, creator of the information security blog BleepingComputer. “General ransomware gang representative [sic] unknown, strangely quiet.”

The reasons for REvil’s disappearance were not immediately clear, but it comes after a series of notable hacking operations by the group that have taken control of computers all over the world. It also comes after President Joe Biden said he had warned his Russian counterpart, Vladimir Putin, that there would be consequences if Moscow failed to tackle ransomware attacks originating from within its borders.
The Biden administration has increasingly identified ransomware as a threat to national and economic security, highlighting its potential to disrupt critical infrastructure on which Americans depend.

Ransomware works by taking over a computer network, stealing its data and encrypting it until victims agree to pay a fee.

Those who refuse can find their information leaked online. In recent years, ransomware gangs have gone after hospitals, universities, police departments, city governments, and a wide range of other targets.

A source familiar with the matter told CNN that the House Intelligence Committee has not been briefed on the reason for REvil’s disappearance. “No comment,” said an aide to the Senate Intelligence Committee when asked if the committee had been briefed on the situation.

Over the weekend of July 4, cyber security experts said REvil was responsible for an attack on Kaseya, an IT software company that indirectly supports countless small businesses including accountancy firms, restaurants, and dentists’ offices.
REvil claimed responsibility for the attack, and demanded a ransom of $70 million to release the affected devices. US officials also said REvil was behind the attack on JBS, one of the world’s largest meatpacking companies.

REvil took $11 million from victims while operating, according to cryptocurrency payment tracker Ransomwhere.

The sudden disappearance of the group sparked widespread speculation about what might have happened. Theories range from a planned system disruption to a coordinated government strike. But at this point, experts are still guessing. The FBI and US Cyber Command declined to comment on whether they were involved.

“This outage could be criminal maintenance, a planned retirement, or, more likely, the result of an offensive response to the criminal enterprise — we don’t know,” said Steve Moore, chief security strategist at cybersecurity firm Exabeam.

Dmitri Alperovitch, president of the Silverado Policy Accelerator think-tank and co-founder of cybersecurity firm CrowdStrike, hypothesised that Western governments might pressure Internet infrastructure companies not to complete web browser requests for REvil sites. (Alperovitch no longer works at CrowdStrike.)

Drew Schmidt, lead threat intelligence analyst at GuidePoint Security, cautioned that while the inability to connect to REvil sites might be a potential indicator of law enforcement involvement, it doesn’t conclusively prove it.

“Last week, REvil crashed a little bit as well,” he told CNN.

REvil is among the most prevalent ransomware attackers, according to cybersecurity firm Check Point. Check Point spokesperson Ikram Ahmed said that in the past two months alone, REvil has carried out 15 attacks per week.

Ahmed added that given the interest it generated, REvil may have voluntarily chosen to lie low for a while. “We recommend not jumping to any immediate conclusions because it’s still early days, but REvil is indeed one of the most ruthless and creative ransomware gangs we’ve seen.”

Anne Neuberger, the White House’s chief Internet officer, was traveling with Biden on Tuesday, although the reason she was accompanying the president to Philadelphia was not clear. A White House spokesman did not immediately respond to a request for comment.