Hollandse-Hoogte/Zuma
A prolific ransomware group that was behind some of the year’s most prominent online attacks has gone dark—at least for now.
Websites used by REvil, whose software is thought to have been used to target meatpacker JBS in late May, and, more recently, software company Kaseya, were unaccessible on Tuesday, according to multiple information security researchers.
Given that President Joe Biden warned Russian President Vladimir Putin in a phone call just last week that the US might take action against ransomware groups operating from Russia if the Russian government didn’t, speculation quickly turned to some sort of American plot. Shortly after the presidents’ conversation, a Biden administration official told reporters that such actions were imminent, warning, according to the New York Times, that while some aspects of the response would “be manifest and visible…some of them may not be. But we expect that those take place in the days and weeks ahead.”
REvil has long been thought to be run out of Russia, targeting a range of large, small, prominent, and obscure entities. The outfit provides ransomware software to affiliates, splitting any eventual payout. In the JBS case, they reportedly netted $11 million. The attack on Kaseya, which emerged as the US headed into the July 4 weekend, affected thousands of companies in 17 countries that use its IT infrastructure services.
Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, told Bloomberg that the group’s extortion page—where companies’ data was posted as proof—was unavailable on Tuesday, as were the group’s payment portals and chat functions.
Brett Callow, a ransomware expert with cybersecurity firm Emsisoft, told Mother Jones Tuesday morning that, despite the administration’s threats, it was “far too early to read anything into this,” explaining that site has a history of outages. “This could be a temporary outage due to infrastructure upgrades or a disruption by law enforcement or REvil pulling the plug to sail off into the sunset,” Callow cautioned. Other researchers echoed the sentiment.
The FBI and US Cyber Command declined requests for comment.
