REvil hacker group suspected of Kaseya attack disappears from internet

Several sites and pages linked to a Russian-speaking hacker group called REvil, named after the ransomware it uses to extort targeted companies, abruptly disappeared from the internet on Tuesday, July 13. The disappearance comes a few days after the attack on the company Kaseya, which REvil claimed. “All REvil sites are down,” says Lawrence Abrams, cybersecurity specialist and manager of the specialist news site Bleeping Computer. “The representative of the group is curiously silent.”

Millions of dollars paid out

In early July, REvil, also known as Sodinokibi, claimed responsibility for the ransomware attack targeting the US computer company Kaseya. According to estimates, the attack endangered the data of more than 1,000 companies that are Kaseya customers. Last Friday, during a telephone exchange, US President Joe Biden asked his Russian counterpart Vladimir Putin to act against the attacks carried out from Russia, failing which the United States would take “the necessary measures”.

“The days of those operating from Russia were numbered from the moment Colonial was hit,” Jake Williams, chief technical officer of cybersecurity firm BreachQuest, commented on Twitter. In early May, the Colonial pipeline system, the main source of gasoline for much of the American East, was temporarily shut down after a ransomware attack. The company then paid $4.4 million to the hackers to regain control of its facilities.

At the end of May, the global meat giant JBS was targeted, notably paralyzing the group’s activities in Australia and suspending certain production lines in the United States. It too paid a ransom, of $11 million.

29% of cyber attacks

Analysts have suggested that the US military’s cyberspace command center has the means to attack hackers when national security is at stake, but no US official has ever confirmed this hypothesis.

“There are indications that REvil was the victim of the planned decommissioning of their infrastructures, either by the operators themselves, or by the industry, or by the authorities,” responded John Hultquist, of the Mandiant Threat Intelligence firm, in a message to Agence France Presse.

A recent IBM Security X-Force report identified Sodinokibi as the most formidable group of ransomware cybercriminals, being responsible for 29% of such cyberattacks in 2020.
