REvil ransomware group disappears from the Internet – In The News

One of the largest ransomware groups have disappeared from the Internet, with their website, blog and “helpdesk” all vanishing, leading to speculation in cybersecurity circles as to what happened.

REvil had made a number of headlines over the last few years. Most recently for orchestrating the largest ransomware attack to date via a supply-chain attack targeted a company called Kaseya, resulting in hundreds of businesses becoming infected with ransomware and a $70 million ransom demand.

However this week the group has effectively disappeared, with its online platforms becoming unreachable and its spokesperson not being active for a number of days.

Sponsored Content. Continued below...

There are a number of possible explanations, a few are outlined below.

• They were targeted by law enforcement. The group is suspected to be operating out of Russia, and only recently US President Biden had raised the issue of ransomware with Russian President Putin, It is possible that REvil’s infrastructure was taken down by US authorities or Russian authorities.
• Hardware maintenance or faults. It is not that unusual for ransomware gangs to experience hardware faults like the rest of us which could have resulted in their sites going down. Alternatively this could be the result of regular maintenance.
• Rebranding. REvil could be about to rebrand itself with a different name and this could be the result of this.
• Exit scam. REvil operates as a RaaS service, meaning it hires out its ransomware to other criminal groups. Such criminal groups can pay a large deposit to use the REvil ransomware – and those behind REvil could falsely claim they have been targeted by law enforcement so they can steal those deposits.

REvil have been behind a number of high profile attacks against companies in the United States and elsewhere across the world and it has likely made those behind the ransomware very wealthy. The United States and law enforcement have been stepping up their actions against those who deploy ransomware with many claiming this brand of digital crim should be treated similarly to terrorism.

Whether REvil are looking for a way out, are rebranding, experiencing technical issues or have already been crippled or seized by law enforcement remains to be seen.