A group of Russia-linked ransomware behind some of the biggest recent cyber attacks has disappeared from the internet. According to CNBC,, Reuters i Washington Post, the website run by the REvil group collapsed in the early hours of the morning. Dmitri Alperovitch, former chief technology officer of cyber company CrowdStrike, told Mail that the group’s blog on the dark web is still available. However, critical places are used by victims to negotiate with the group and to obtain deciphering tools if salaries are no longer available. Visitors to these websites now see a message that says “Server with specified hostname not found.”
REvil has claimed responsibility for a recent series of ransomware attacks that have hit about 800 to 1,500 businesses around the world, including schools. That demanded $ 70 million to recover data they stole and encrypted. Earlier, experts linked the group to ransomware attacks on software management software giant Kaseya and beef supplier JBS, which decided to pay $ 11 million to return its data.
It is unclear why REvil’s website is no longer available. As Reuters mentioned, gangs of ransomware usually disappear and are renamed in case they attract too much attention. President Biden recently discovered that he told Russian President Vladimir Putin that he expected his government to act on ransomware attacks coming from his country. Asked if the U.S. would attack servers used by Russian cybercriminals to hijack U.S. networks, Biden replied with a resounding “Yes.”
Alperovitch said Mail that it does not appear that REvil’s servers have been attacked, which means that it is unlikely that this is an offensive cyber operation initiated by the American authorities. Curtis Minder, founder of GroupSense threat alert firm, told Reuters to if REvil’s websites that truly failed are the result of an insulting action carried out by the U.S. government, hoping the “collateral damage was a consideration”. Bad actors hold the key to the data for which they take the ransom, and victims would find it difficult to access their data if that key is destroyed or lost.
All products recommended by Engadget are selected by our editorial team, regardless of our parent company. Some of our stories include associated links. If you buy something through one of these links, we may earn an associated commission.