REvil: Ransomware gang websites disappear from internet

Websites for a Russian-linked ransomware gang blamed for attacks on hundreds of businesses worldwide have gone offline.

Monitors say a payment website and a blog run by the REvil group became suddenly unreachable on Tuesday.

The reason behind the disappearance is unknown, but has sparked speculation that the group may have been targeted deliberately by authorities.

It comes amid growing pressure between the US and Russia over cyber-crime.

US President Joe Biden said he raised the issue with Vladimir Putin during a phone call on Friday, after discussing the subject during a summit with the Russian president in Geneva last month.

Mr Biden told reporters that he had "made it very clear to him...we expect them to act" on information and also hinted the US could take direct digital retaliation on servers used for intrusions.

The timing of Tuesday's outage has sparked speculation that either the US or Russian officials may have taken action against REvil - though officials have so far declined to comment and cyber experts say sudden disappearances of groups are not necessarily uncommon.

The development comes after a series of high-profile ransomware attacks which have hit major US businesses this year.

The FBI accused REvil - also known as Sodinokibi - of being behind a ransomware attack on the world's largest meat processing company JBS last month.

The group is considered prolific and last week demanded a huge bitcoin ransom for an attack which targeted IT firm Kaseya and hundreds more businesses worldwide.

A huge scalp claimed

REvil is one of the most prolific and feared of all ransomware gangs and if this really is the end, it's extremely significant.

The rumour mill is in hyperdrive about what's behind this sudden shutdown but one hacker who claims to be an affiliate of the gang gave me some insights. I'm yet to confirm his identity but other researchers say his claims are highly plausible.

He claims that the US "Feds took down" elements of their websites and so they pulled the plug on the rest of their operation. He also said there was pressure from the Kremlin too, saying: "Russia is tired of the US and other countries crying to them."

Like all hacker claims, we have to take them with a large dollop of salt, but if this scenario proves to be accurate, it shows a dramatic shift in policy from Russia, which has so far been happy to sit back and let gangs like REvil operate without fear of intervention.

However another comment from my contact also hints at the bigger picture. He says he has no plans to retire and is already planning another unknown venture. "Make one go away, more will rise," he warned.
