REvil, Russia's Notorious Ransomware Group, Disappeared Without a Trace


REvil, one of the most prolific ransomware groups in the world, has disappeared.

The group could no longer be traced online as of July 13. Its disappearance came a day before senior officials from the White House and Russia were set to meet to talk about the spike in ransomware cases.

REvil Disappeared from the Internet

The Russian ransomware group known as REvil has been terrorizing businesses for years. Around 42% of the recent ransomware attacks were connected to the group, but they are known for two massive hacks, according to CyberScoop.

Earlier this month, the ransomware gang affected 1,000 businesses by going after Kaseya's software. It was one of the most extensive ransomware campaigns ever carried out.

In June, this group of hackers went after the meat supplier JBS and demanded $11 million in exchange for their stolen data.

Even as the FBI and world leaders tightened online security, the gang's presence was still felt, until now.

Allan Liska, the senior threat analyst at the security firm Recorded Future, said that firms and government agencies are scrambling to figure out what happened. They are optimistic that the gang has finally been blocked, although they can't figure out how.

Speculations and Theories

There have been a couple of theories circulating as to why the group suddenly disappeared. First, they may have chosen to retire, as the group already made millions of dollars from their ransomware attacks, according to CNN.

Second, it is possible that the United States or other countries disabled this group successfully and just chose not to announce it to the public yet.

And third, the Russian government may have been forced to disable the ransomware group due to growing international scrutiny. It is important to note that the disappearance of this ransomware group is not permanent, as a lot of cybercriminals will undergo a hiatus before attacking again.

Ekram Ahmed, a spokesperson at Check Point Software, has asked the public not to jump to any conclusion because it is still early to celebrate REvil's disappearance.

The reason the group went offline remains unclear, and the broader problem of ransomware attacks is still looming, according to CNBC.

Katie Nickels, the director of intelligence at the U.S. firm Red Canary, said that even though they do not know what happened with the group, they still feel relieved.

Nickels added that if the government took them down, then it means that the government is taking action. If the group chose to stay quiet, it is possible that they are scared.

All of the websites used by the group, including where they published stolen data, are now offline. Also, all of the group's infrastructure and computers used to conduct their attacks are now offline. The spokesperson of the group has been missing for a week now.

REvil uses malware that avoids Russian computers, and they mostly target U.S.-based businesses. They are also believed to be connected to other criminal groups inside Russia.

After the massive attack on Kaseya, White House press secretary Jen Psaki said that the United States would take action against criminal actors in Russia if the Russian government did not.

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.