Happy Nice Mall

One of the world’s most prolific ransomware gangs suddenly disappeared from the internet on Tuesday morning. The unexplained immigration comes just a day before senior officials from the White House and Russia met to discuss the global ransomware crisis.

The ransomware team known as REvil has been involved in cybercrime erupting underground for years. a tail 42% of all recent ransomware attacks They track down this gang, but are particularly known for two hacks. Earlier this month, the gang Reach at least 1,000 businesses by attacking the software company Kaseya. It was one of the largest ransomware campaigns ever conducted. And last month, REvil hit meat supplier JBS and demanded $11 million in payment. Even as world leaders turn their attention to ransomware and threats, REvil has been challenging so far.

“Things are a little messy trying to figure out what’s going on,” says Allan Liska, senior threat analyst at security firm Recorded Future. “We are cautiously optimistic that one of the biggest gangs out there is over.”

There are several possible explanations for what caused today’s shutdown. First, the gang may have chosen to retire if they made enough money or felt too much pressure. The United States or its allies may have successfully taken them offline. Or the Russian government under international scrutiny may have forced them to shut down. Their disappearance may also be temporary; many cybercriminals pretend to “retire” before finally re-emerging under new identities.

“We recommend not jumping to conclusions because it’s premature, but REvil is truly one of the most ruthless and creative ransomware gangs we’ve ever seen,” said Check Point Software spokesperson Ekram Ahmed.

The answer isn’t clear, and the broader problem of ransomware still looks big.

“I don’t know what that means but I’m happy no matter what!” tweeted out Katie Nickels, intelligence director of the US firm Red Canary. “If it’s a government decision – great, they’re taking action. If players voluntarily kept quiet – excellent, maybe they were scared. It’s still important to remember that this doesn’t solve the ransomware.”