Several sites and pages linked to REvil, a Russian-speaking hacker group named after the ransomware it uses to extort targeted companies, abruptly disappeared from the internet on Tuesday, July 13. The disappearance came a few days after the attack on the Kaseya company that REvil claimed. “All REvil sites are down,” says Lawrence Abrams, cybersecurity specialist and head of the specialist news site Bleeping Computer. The group’s representative has gone curiously silent.
Millions of dollars paid out
In early July, REvil, also known as Sodinokibi, claimed responsibility for the ransomware attack on the US computer company Kaseya. The attack put the data of more than 1,000 companies, all Kaseya customers, at risk, according to estimates. Last Friday, in a telephone call, US President Joe Biden asked his Russian counterpart Vladimir Putin to act against attacks carried out from Russia, warning that otherwise the United States would take “the necessary measures”.
“The days of those operating from Russia were numbered from the moment Colonial was hit,” Jake Williams, chief technology officer of the cybersecurity firm BreachQuest, commented on Twitter. In early May, the Colonial pipeline system, the main source of gasoline for much of the American East Coast, was temporarily shut down after a ransomware attack. The company paid $4.4 million to the hackers to regain control of its facilities.
To be clear, I have no idea what happened to REvil. But I stand by my earlier statement that operating in Russia was operating on borrowed time the second Colonial got hit.
— Jake Williams (@MalwareJake) July 13, 2021
At the end of May, the global meat giant JBS was targeted, which paralyzed the company’s operations in Australia and halted some production lines in the United States. It too paid a ransom, of $11 million.
29% of cyberattacks
Analysts have suggested that US Cyber Command, the military’s cyberspace command, has the means to go after hackers when national security is at stake, but no US official has confirmed any such operation.
“There are indications that REvil was the victim of a planned takedown of its infrastructure, either by the operators themselves, or by the industry, or by the authorities,” responded John Hultquist of the Mandiant Threat Intelligence firm in a message to Agence France-Presse.
If REvil has been permanently disrupted, it’ll mark the end of a group which has been responsible for >360 attacks on the US public and private sectors this year alone.
— Brett Callow (@BrettCallow) July 13, 2021
A recent IBM Security X-Force report identified Sodinokibi as the most prolific ransomware group, responsible for 29% of such cyberattacks in 2020.