Russian Ransomware Group's Website is Down, Permanently?

by Michael London | 07/13/2021 4:37 PM

The entire web infrastructure run by the Russian ransomware terrorist organization REvil, including its data sites and a financial payment gateway, has been taken down and is no longer available for use.


The biggest and most dangerous of the Russian ransomware gangs has suddenly and mysteriously shut down only days after President Biden talked with Russian President Vladimir Putin and asked him to act against attacks on American targets.

During his recent visit to Geneva, President Biden called on Russian President Vladimir Putin to take action against cybercriminals operating inside Russian borders.

In addition to being suspected of being behind the assault that took down JBS, one of America's biggest beef producers, the organization REvil has claimed responsibility for a hack that impacted thousands of companies across the globe during the Fourth of July holiday weekend.

REvil is an abbreviation for "Ransomware evil."

When President Biden was asked if he would shut down the group's computers if Mr. Putin did not comply with his deadline on Friday, the president said simply, "Yes." When asked whether he would shut down the group's servers if Mr. Putin did not cooperate, Mr. Biden said, "We expect them to act."

The question remains unanswered: was it the United States or Russia that brought the site down?

Several internet security organizations reported that the group's publicly accessible "happy blog," which listed its victims, was no longer available. The custom-built websites where victims haggle with REvil about how much they are willing to pay to have their data released were no longer available.

  • One of the most popular hypotheses about why REvil abruptly vanished was that the organization, which seemed to delight in the attention and earned large ransoms, including $11 million from JBS, had closed down their operation before political clout could be felt.
  • Another one is that President Biden authorized the United States Cyber Command to bring it down in collaboration with domestic law enforcement authorities, notably the Federal Bureau of Investigation. A ransomware group thought to be using its skills to freeze voter registrations or other electoral data before the 2020 presidential election was crippled by Cyber Command last year, demonstrating its capability to do just that.
  • A third holds that Russian President Vladimir Putin ordered the group's demise.

What is known is that the unexplained disappearance of the group's dark websites occurred about 1 a.m. on Tuesday.

The disappearance of the ransomware attacks was welcomed by many who see ransomware as an emerging threat, including President Biden, who has described it as a critical national security threat. Still, it left others in the dark, unable to pay the ransom to get their data back and their businesses up and running.

Darkside, a Russian-based cybercriminal organization, after the ransomware assault on Colonial Pipeline, a U.S. business that was forced to shut down the gasoline and jet fuel pipelines running along the East Coast in May.

After the assault on the Colonial Pipeline, President Biden and his advisors started to assert that attacks on vital infrastructure pose a significant national security danger.

Although many analysts think Darkside's announcement to shut its doors was just digital theater, others predict that its core ransomware expertise may reassemble under a new name in the not-too-distant future.
