Ransomware gang goes offline, prompting questions

Washington (AFP)

A Russian-based hacker group blamed for a massive ransomware attack was taken offline on Tuesday, sparking speculation about whether the move was the result of government action.

The “dark web” page of the group known as REvil disappeared about two weeks after an attack that crippled the networks of hundreds of companies around the world and resulted in a ransom demand of $70 million.

“REvil has apparently disappeared from the dark web because its website is offline,” tweeted Allan Liska, security researcher for the company Recorded Future, who noted that the site was no longer responding around 5:00 GMT.

The news comes after US President Joe Biden repeated a warning to his Russian counterpart Vladimir Putin about hosting cybercriminals while suggesting that Washington could take action in the face of growing ransomware attacks.

In the past, analysts have suggested that the US Army Cyber Command has the ability to retaliate against hackers in the face of national security threats, but there was no official word on such action.

“The situation is still ongoing, but the evidence suggests that REvil has suffered a planned and simultaneous withdrawal of its infrastructure, either by the operators themselves or through industry or law enforcement measures,” Mandiant Threat Intelligence’s John Hultquist said in an emailed statement.

“If this were any disruption operation, all the details may never be revealed.”

Brett Callow of security firm Emsisoft also pointed out unanswered questions.

“It is not known if the blackout was the result of action taken by law enforcement,” Callow said.

“If law enforcement was successful in disrupting the gang’s operations, that would obviously be a good thing, but it could create problems for any business whose data is currently encrypted. They would not be able to pay REvil for the key needed to decrypt their data.”

The unprecedented attack on US software company Kaseya affected approximately 1,500 companies.

The Kaseya attack, which was reported on July 2, shut down a large Swedish supermarket chain and ricocheted around the world, affecting businesses in at least 17 countries, from pharmacies to gas stations, as well as dozens of New Zealand kindergartens.
