REvil, Hacking Group Behind Major Ransomware Attack, Disappears

2 weeks ago 8

Politics|Russia’s astir assertive ransomware radical disappeared. It’s unclear who made that happen.

https://www.nytimes.com/2021/07/13/us/politics/russia-hacking-ransomware-revil.html

David E. Sanger

  • July 13, 2021, 12:57 p.m. ET

Just days aft President Biden called President Vladimir V. Putin of Russia and demanded that helium enactment to unopen down ransomware groups that are attacking American targets, the astir assertive of the groups abruptly went off-line aboriginal Tuesday morning, terminating negotiations implicit ransom payments and adjacent bringing down the leafage wherever it boasted astir its astir palmy extortion schemes.

The enigma is who made that happen.

The group, called REvil, abbreviated for “Ransomware evil,” has been identified by U.S. quality agencies arsenic liable for the attack that brought down 1 of America’s largest beef producers, JBS. Two weeks aft Mr. Biden and Mr. Putin met successful Geneva past month, REvil took recognition for a hack that affected thousands of businesses astir the satellite implicit the July 4 holiday.

That latest onslaught led to Mr. Biden’s ultimatum successful a telephone telephone connected Friday to the Russian president. Later, Mr. Biden said “we expect them to act,” and erstwhile asked by a newsman aboriginal if helium would instrumentality down the group’s servers if Mr. Putin did not, the president simply said, “Yes.”

He whitethorn person done precisely that. But that is lone 1 imaginable mentation for what happened astir 1 a.m. Eastern clip connected Tuesday, erstwhile the group’s sites connected the acheronian web abruptly disappeared. Gone was the publically disposable “happy blog’’ that the radical maintained, listing its victims, and net information groups said the custom-made sites wherever victims negociate with REvil implicit however overmuch they volition wage to get their information unlocked were besides missing.

Image

During a gathering  successful  Geneva connected  June 16, President Biden pressured Russia’s president, Vladimir V. Putin, to instrumentality     enactment   against cybercriminals who are attacking American targets. Mr. Biden said that helium  demanded that Mr. Putin instrumentality     enactment   successful  a telephone  past  week.
Credit...Doug Mills/The New York Times

While their disappearance was celebrated by galore who spot ransomware arsenic a caller scourge, 1 that Mr. Biden has called a captious nationalist information threat, it near immoderate of the group’s targets successful the lurch — incapable to wage the ransom to get their information backmost and their businesses backmost up and running.

“What’s the program for the victims?” asked Kurtis Minder, the main enforcement of Groupsense, a integer hazard extortion institution that was negotiating with the extortionists connected behalf of a determination instrumentality steadfast whose information was stolen.

There were 3 main theories floating astir astir wherefore REvil, which seemed to revel successful the publicity and reaped immense ransoms — including $11 cardinal from JBS — abruptly disappeared.

One is that Mr. Biden ordered the United States Cyber Command, moving with home instrumentality enforcement agencies, including the F.B.I., to bring the group’s sites down. Cyber Command proved past twelvemonth that it could bash conscionable that, paralyzing a ransomware radical that it feared mightiness crook its skills to freezing up elector registrations oregon different predetermination information successful the 2020 election.

The 2nd mentation is that Mr. Putin ordered the group’s sites taken down. If so, that would beryllium a motion toward heeding Mr. Biden’s warning, which helium offered, successful much wide terms, erstwhile the 2 leaders met connected June 16 successful Geneva.

And a 3rd is that REvil decided that the vigor was excessively intense, and took the sites down itself to debar becoming caught successful the crossfire betwixt the American and Russian presidents. That is what different Russian-based group, Darkside, did aft the ransomware onslaught connected Colonial Pipeline, the U.S. institution that had to unopen down the gasoline and pitchy substance moving up the East Coast successful May.

But galore experts deliberation that Darkside’s going-out-of-business determination was integer theater, and that each of the cardinal ransomware endowment would reassemble nether a antithetic name. If so, the aforesaid could hap with REvil.

Just a fewer months ago, ransomware was considered mostly a transgression problem. But aft the onslaught connected Colonial Pipeline, Mr. Biden and his advisers began to state that attacks that endanger captious infrastructure represent a large nationalist information threat.

Read Entire Article