Don’t miss the latest developments in business and finance.

Russia's most aggressive ransomware group REvil disappears suddenly

It's unclear who made that happen

biden putin
Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, REvil took credit for a hack that affected thousands of businesses around the world over the July 4 holiday.
NYT
3 min read Last Updated : Jul 15 2021 | 12:02 AM IST
Just days after President Biden demanded that President Vladimir V Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday.
 
The mystery is who made it happen.
 
The group is called REvil, short for “Ransomware evil.” Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, REvil took credit for a hack that affected thousands of businesses around the world over the July 4 holiday.
 
That latest attack led to Mr. Biden’s ultimatum in a phone call on Friday to the Russian president. Later, Mr. Biden said that “we expect them to act,” and when asked by a reporter later if he would take down the group’s servers if Mr. Putin did not, the president simply said, “Yes.”
 
He may have done exactly that.
 
But that is only one possible explanation for what happened around 1 am Eastern time on Tuesday, when the group’s sites on the dark web suddenly disappeared.
 
Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s earnings from its digital extortion schemes. Internet security groups said the custom-made sites — think of them as virtual conference rooms — where victims negotiated with REvil over how much ransom they would pay to get their data unlocked also disappeared. So did the infrastructure for making payments.
 
While the disappearance of the hackers’ online presence was celebrated by many who see ransomware as a new scourge,  it left some of the group’s targets in the lurch, unable to pay the ransom to get their data back and get their businesses running again.
 
“What’s the plan for the victims?” asked Kurtis Minder, the chief executive of GroupSense, a digital risk protection company.
There were three main theories about why REvil  suddenly disappeared.
 
One is that Mr. Biden ordered the United States Cyber Command, working with domestic law enforcement agencies, including the FBI, to bring the group’s sites down. 
 
The second theory is that Mr. Putin ordered the group’s sites taken down. If so, that would be a gesture toward heeding Mr. Biden’s warning, which he had also conveyed, in more general terms, when the two leaders met on June 16 in Geneva.  
 
A third theory is that REvil decided that the heat was too intense, and took the sites down itself to avoid becoming caught in the crossfire between the American and Russian presidents. 
NYT

Topics :Joe BidenRussiaransomwareUS Russia

Next Story