Ransomware gang REvil’s websites become unreachable

(Photo: Markus Spiske/Unsplash)

WASHINGTON, July 13 (Reuters) - Websites run by the ransomware gang REvil suddenly became unreachable on Tuesday, sparking widespread speculation that the group had been knocked offline.

By Raphael Satter

The Russia-linked cybercrime ring has collected tens of millions of dollars in ransom payments in return for restoring computer systems it has hacked. In recent weeks it claimed responsibility for a sprawling ransomware outbreak that affected an estimated 800 to 1,500 businesses worldwide (https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05).

Ransomware sites can be unreliable, and it was unclear whether the site’s disappearance was a momentary fluke or whether the hackers had downed tools or been removed from the internet by someone else. Both the group’s payment portal and its blog, which named and shamed their victims who refused to pay the ransoms they demanded, were unreachable.

The White House declined comment. An attempt to reach REvil, one of whose representatives briefly spoke with Reuters last week, was unsuccessful.

The disappearance is not necessarily significant.

Vanishing acts are common in the ransomware world, where gangs tend to disappear and rebrand when they begin attracting too much heat.

REvil was already drawing top-level U.S. government attention, and pressure has been mounting on Washington to take more decisive action against REvil and groups like it.

The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals, including an intrusion into Colonial Pipeline which disrupted gasoline deliveries across the East Coast.

President Joe Biden hinted on Friday the United States could take more aggressive action soon where ransomware was concerned.

Asked by a Reuters correspondent on Friday whether it would make sense to attack the Russian servers used in such intrusions, Biden paused, smiled and said: “Yes.” (https://www.reuters.com/article/us-usa-cyber-biden-putin-idAFKCN2EF1XN)

For the head of one cybersecurity company, the possibility that someone – the U.S. government or otherwise – knocked the group offline raised some concerns.

“If this was an organized cyber offensive, I am hopeful that collateral damage was a consideration,” said Kurtis Minder, the founder of threat intelligence firm GroupSense.

Ransom-seeking criminals and their victims are in some ways co-dependent, with the bad actors holding the keys to their victims’ encrypted data. Should those keys have been lost or destroyed in a cyberattack, “many companies, individuals are going to have a tough time recovering,” he said.

Wrecking a cybercriminal server or two was not sustainable in the long run, he added.

“REvil is one of dozens of major ransomware operators,” he said. “Are we going to attack all of them?”

(Reporting by Raphael Satter; Additional reporting by Andrea Shalal; Editing by Howard Goller)
