REvil, Hacking Group Behind Major Ransomware Attack, Disappears

3 weeks ago 13

Politics|Russia’s astir assertive ransomware radical disappeared. It’s unclear who disabled them.

https://www.nytimes.com/2021/07/13/us/politics/russia-hacking-ransomware-revil.html

David E. Sanger

  • July 13, 2021, 12:57 p.m. ET

Just days aft President Biden called President Vladimir V. Putin of Russia and demanded that helium enactment to unopen down ransomware groups that are attacking American targets, the biggest of them has gone off-line. The enigma is who made that happen.

The group, called REvil, abbreviated for “Ransomware evil,’’ is believed liable for the onslaught that brought down 1 of America’s largest beef producers, JBS, and it took recognition for a hack that affected thousands of businesses astir the satellite implicit the July 4 holiday. On Friday, describing his ultimatum to the Russian president, Mr. Biden said “we expect them to act,” and erstwhile asked aboriginal if helium would instrumentality down the group’s servers if Mr. Putin did not, the president simply said, “Yes.”

But that is lone 1 imaginable mentation for what happened astir 1 a.m. connected Tuesday, erstwhile the group’s sites connected the acheronian web abruptly disappeared. Gone was the publicly-available “happy blog’’ that the radical maintained, listing its victims, and net information groups said the custom-made sites wherever victims negociate with REvil implicit however overmuch they volition wage to get their information unlocked were besides missing.

Image

President Biden pressured Russian President Vladimir Putin past  week to instrumentality     enactment   against cybercriminals successful  Russia.
Credit...Doug Mills/The New York Times

While their disappearance was celebrated by galore who spot ransomware arsenic a caller scourge, 1 that Mr. Biden has called a captious nationalist information threat, it near others successful the lurch — incapable to wage the ransom to get their information back, and their businesses backmost up and running.

“What’s the program for the victims?” asked Kurtis Minder, the main enforcement of Groupsense, a integer hazard extortion institution that was negotiating with the extortionists connected behalf of a determination instrumentality steadfast whose information was stolen.

There were 3 main theories floating astir astir wherefore REvil, which seemed to revel successful the publicity and reaped immense ransoms — including $11 cardinal from JBS — abruptly disappeared.

One is that Mr. Biden ordered the United States Cyber Command, moving with home instrumentality enforcement agencies, including the F.B.I., to bring it down. Cyber Command proved past twelvemonth that it could bash conscionable that, paralyzing a ransomware radical that it feared mightiness crook its skills to freezing up elector registrations oregon different predetermination information successful the 2020 election.

The 2nd mentation is that Mr. Putin ordered the radical taken down by Russia. If so, that would beryllium a motion toward heeding Mr. Biden’s warning, which helium offered, successful much wide terms, erstwhile the 2 leaders met June 16 successful Geneva.

And a 3rd is that REvil decided that the vigor was excessively intense, and took itself down to debar go portion of the crossfire betwixt the American and Russian presidents. That is what different Russian-based group, Darkside, did aft the ransomware onslaught connected Colonial Pipeline, the U.S. institution that had to unopen the gasoline and pitchy substance moving up the East Coast successful May.

But galore experts deliberation that Darkside’s going-out-of-business determination was integer theater, and that each of the cardinal ransomware endowment would reassemble nether a antithetic name. If so, the aforesaid could hap with REvil.

Just a fewer months ago, ransomware was considered mostly a transgression problem. But aft the onslaught connected Colonial Pipeline, Mr. Biden and his advisers began to state that attacks which endanger captious infrastructure represent a large nationalist information threat.

Read Entire Article