Russian-based ransomware group’s websites offline, researchers say

Kaseya in Miami (Kaseya/Facebook)

This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.

A Russian-based hacker group blamed for a massive ransomware attack earlier this month has gone offline, sparking speculation about whether the move was the result of a government-led action.

The webpages of the group known as REvil disappeared from the dark web on July 13, cybersecurity researchers said. Both its data-leak site and ransom-negotiating portals were unreachable.

The researchers said that it was unclear whether the outage was the result of actions taken by law enforcement or whether REvil had voluntarily taken down its sites.

“The situation is still unfolding, but evidence suggests REvil has suffered a planned, concurrent takedown of their infrastructure, either by the operators themselves or via industry or law enforcement action,” John Hultquist of Mandiant Threat Intelligence said in a statement quoted by AFP.

The White House and U.S. Cyber Command declined to comment, according to the Associated Press.

REvil was responsible for a ransomware attack launched July 2 targeting the U.S. software company Kaseya that crippled more than 1,000 businesses globally. The group claimed credit for the attack and demanded $70 million worth of bitcoin as ransom to decrypt software and allow the businesses targeted to access their data.

Cybersecurity experts have said the group was also behind an attack in late May against the meat processor JBS. The Brazilian-based company ended up paying $11 million in bitcoin to the hackers.

U.S. President Joe Biden repeated a warning to Russian President Vladimir Putin during a call July 9 that he would “take action” against Russian-based groups. Biden also told Putin that the United States would take “any necessary action” to defend Americans and critical infrastructure threatened by cyberattacks.

Biden had previously warned Putin about ransomware attacks during the two leaders’ summit in June.

Alex Holden, founder and chief information security officer of Hold Security, said the company had seen no indication either that the REvil websites were voluntarily shut down or that law enforcement had taken action against them.

“There is always a glimmer of hope that Russia is finally doing something right,” he added.