Russia's most aggressive ransomware group REvil disappears suddenly

Topics Russia | ransomware | US Russia

During a meeting in Geneva on June 16, US President Biden (left) pressured Russia’s President Putin to take action against cybercriminals who are attacking American targets. In starker terms, Biden demanded that Putin take action in a call last week
Just days after President Biden demanded that President Vladimir V Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday.

 
The mystery is who made it happen.

 
The group is called REvil, short for “Ransomware evil.” Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, REvil took credit for a hack that affected thousands of businesses around the world over the July 4 holiday.

 
That latest attack led to Mr. Biden’s ultimatum in a phone call on Friday to the Russian president. Later, Mr. Biden said that “we expect them to act,” and when asked by a reporter later if he would take down the group’s servers if Mr. Putin did not, the president simply said, “Yes.”

 
He may have done exactly that.

 
But that is only one possible explanation for what happened around 1 am Eastern time on Tuesday, when the group’s sites on the dark web suddenly disappeared.

 
Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s earnings from its digital extortion schemes. Internet security groups said the custom-made sites — think of them as virtual conference rooms — where victims negotiated with REvil over how much ransom they would pay to get their data unlocked also disappeared. So did the infrastructure for making payments.

 
While the disappearance of the hackers’ online presence was celebrated by many who see ransomware as a new scourge,  it left some of the group’s targets in the lurch, unable to pay the ransom to get their data back and get their businesses running again.

 
“What’s the plan for the victims?” asked Kurtis Minder, the chief executive of GroupSense, a digital risk protection company.
There were three main theories about why REvil  suddenly disappeared.

 
One is that Mr. Biden ordered the United States Cyber Command, working with domestic law enforcement agencies, including the FBI, to bring the group’s sites down. 

 
The second theory is that Mr. Putin ordered the group’s sites taken down. If so, that would be a gesture toward heeding Mr. Biden’s warning, which he had also conveyed, in more general terms, when the two leaders met on June 16 in Geneva.  

 
A third theory is that REvil decided that the heat was too intense, and took the sites down itself to avoid becoming caught in the crossfire between the American and Russian presidents. 
NYT


Dear Reader,


Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.

We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel