One of the most prolific ransomware gangs in the world suddenly disappeared from the internet on Tuesday morning. The inexplicable exodus comes just a day before senior White House and Russian officials are due to meet to discuss the global ransomware crisis.
A ransomware crew known as REvil has been around for years in the cybercrime underworld. A huge 42% of all recent ransomware attacks trace back to this gang, but it is best known for two hacks. Earlier this month, the gang hit at least 1,000 companies by attacking software company Kaseya. It was one of the broadest ransomware campaigns ever conducted. And last month, REvil hit meat supplier JBS and demanded payment of $11 million. Although world leaders have turned their attention to ransomware and threatened action, REvil has been defiant, until now.
“We’re a little messy as we pull out to figure out what’s going on,” says Allan Liska, a senior threat analyst at security firm Recorded Future. “We’re cautiously optimistic that one of the biggest gangs out there was made.”
There are several possible explanations for what caused today’s shutdown. First, the gang may have decided to withdraw if they made enough money or felt too much pressure. The United States or its allies may have successfully taken them offline. Or the Russian government may have forced them to close under international scrutiny. Their disappearance could also be temporary – many cybercriminals pretend to “retreat” before eventually reappearing under new identities.
The answer is unclear, and the broader problem of ransomware remains significant.
“I don’t know what this means, but no matter what, I’m happy!” tweeted Katie Nickels, director of intelligence at the American firm Red Canary. “If it’s a government removal – great, they’re taking action. If the actors have voluntarily fallen silent – great, they may be scared. It is still important to keep in mind that this does not address ransomware.”