Notorious ransomware gang mysteriously disappears from the internet
- Ransomware gang REvil suddenly disappeared from the internet on Tuesday
- The gang reportedly worked from Eastern Europe or Russia
- The disappearance comes days after US President Joe Biden spoke to Russian President Vladimir Putin on taking action against ransomware
REvil, the ransomware gang that attacked meat supplier JBS Foods and a major IT software vendor recently, has mysteriously disappeared from the internet on Tuesday, reports CNN quoting cybersecurity experts tracking the group.
Web other infrastructure belonging to the cybercriminal gang including a payment website and a blog run by the group, which is believed to operate from Eastern Europe or Russia, went dark as observers found that they were unable to connect to REvil’s web page listing its victims.
Others said that they were unable to connect to the sites REvil uses to communicate with victims and collect ransom.
Lawrence Abrams, creator of information security blog BleepingComputer said, “All REvil sites are down, including the payments sites and data leak site. The public ransomware gang represenative [sic] Unknown, is strangely quiet.”
While the reasons for REvil’s disappearance are not immediately clear, it does come after a series of high-profile hackings by the group by seizing control of computers around the world.
REvil’s disappearance comes closely after United States President Joe Biden warned Russian President Vladimir Putin about consequences if Moscow failed to address ransomware attacks from within its borders.
President Biden told the media that he had “made it very clear to him (Putin)… we expect them to act” on information and also hinted that the US could take direct retaliation on servers used for intrusions, reports the BBC.
The timing of Tuesday’s outage has sparked speculation that either the US or Russian officials may have taken action against REvil. The FBI and US Cyber Command have declined to comment on their involvement.
The Biden administration has increasingly identified ransomware as a direct threat to economic and national security and has become cautious of its potential to disrupt critical infrastructure.
Ransomware works by locking down a computer network, stealing and encrypting data until the victims agree to pay a fee. Refusal to pay can lead the information to be released online.
In recent years, ransomware gangs have gone after hospitals, universities, police departments, city governments and a range of other targets.