REvil, Hacking Group Behind Massive Ransomware Attack Disappears


Just days after President Biden called Russian President Vladimir V. Putin and demanded that he take action to shut down ransomware groups attacking American targets, the most aggressive of those groups abruptly went offline in the early hours of Tuesday morning, ending negotiations on ransom payments and even pulling down the page where it bragged about its most successful extortion schemes.

The mystery is who did it.

The group REvil, short for “ransomware evil,” was identified by US intelligence agencies as responsible for the attack that brought down JBS, one of America’s largest beef producers. Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, a REvil hack affected thousands of businesses worldwide during the 4th of July holiday.

This latest attack led Mr. Biden to deliver an ultimatum in a phone call to the Russian president on Friday. “We expect them to take action,” Mr. Biden said later, and when asked by a reporter whether the United States would take down the group’s servers if Mr. Putin did not, the president simply said “yes.”

He could have done exactly that. But that’s just one possible explanation for what happened around 1am Eastern time on Tuesday, when the group’s sites on the darknet suddenly disappeared. The group’s public “happy blog” listing its victims is gone, and internet security groups said custom-made sites where victims negotiated with REvil about how much they would pay to unlock their data were also missing.

While the group’s disappearance was celebrated by many who saw ransomware as a new scourge that Mr. Biden called a critical national security threat, it left some of the group’s victims stranded, unable to pay the ransom to get their data back and get their businesses up and running.

“What’s the plan for the victims?” asked Kurtis Minder, CEO of digital risk protection company Groupsense, which negotiates with extortionists on behalf of a regional law firm whose data was stolen.

Three main theories are circulating about why REvil, a group that enjoyed publicity and collected huge ransoms, including $11 million from JBS, suddenly disappeared.

First, Mr. Biden ordered the United States Cyber Command, working with domestic law enforcement, including the FBI, to take down the group’s sites. Cyber Command proved it can do just that last year by paralyzing a ransomware group that it feared could turn its skills to freezing voter records or other election data in the 2020 election.

The second theory is that Mr. Putin ordered the group’s sites to be shut down. If so, it would be a gesture to heed the more general warning Mr. Biden delivered when the two leaders met in Geneva on 16 June.

Third, REvil decided the heat was too intense and shut down the sites to avoid getting caught in the crossfire between the American and Russian presidents. Another group of Russian origin, DarkSide, did so after the ransomware attack on Colonial Pipeline, a US company that was forced to shut down gasoline and jet fuel operations on the East Coast in May.

But many experts think DarkSide’s shutdown was digital theater and that all of its major ransomware talent will regroup under a different name. If so, the same can happen with REvil.

Just a few months ago, ransomware was largely viewed as a criminal problem. But after the attack on the Colonial Pipeline, Mr. Biden and his advisers began declaring that attacks threatening critical infrastructure posed a major national security threat.
