REvil gang vanishes from the internet
Pressure from American and Russian authorities is suspected
Websites belonging to REvil, the Russian-linked cybercriminal gang responsible for attacks on Quanta, JBS and Kaseya, have gone offline.
So far, the group's public website, the site it used to negotiate ransoms and the one that victims used to make payments have all vanished, returning an 'Onionsite not found' error.
"In simple terms, this error generally means that the onion site is offline or disabled. To know for sure, you'd need to contact the onion site administrator," Al Smith, fundraising director at the Tor Project, told BleepingComputer.
Dark web sites can often lose connectivity, but for all of REvil's to disappear at once is unusual. It has sparked speculation that the authorities may be moving in.
Just last month, President Biden met President Putin to discuss the ongoing cyber attacks against the West, which all seem to originate from Russia. At the time he was talking about the attack on Colonial Pipeline, which is classed as critical infrastructure. Biden said he expects Russia to act against any such groups operating within its borders. Cyber experts believe that gangs like this have long acted with implicit sanction from the Russian state, as long as they don't target entities within Russia.
Biden followed this discussion with a phone call to his opposite number last week, after the attack on Kaseya. He used this as an opportunity to raise the issue again, telling reporters, "I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it's not sponsored by the state, we expect them to act if we give them enough information to act on who that is."
The timing of the REvil outage hints at officials from either the USA or Russia getting involved. A source, whose identity is so far unconfirmed (so take this with a pinch of salt), told the BBC that the US 'feds' took down elements of REvil's websites and so the group decided to take the rest down itself. The source added there had been pressure from the Kremlin, too, saying, "Russia is tired of the US and other countries crying to them."
Commenting on the story, Jake Moore, cybersecurity specialist at ESET, said:
"The increasing scale and breadth of new and improving police tactics are starting to take effect in disrupting cybercriminal gangs. With recent state-of-the-art techniques used to target displacing the money in other operations, it is clear that the police are beginning to turn the tide and fight back on digital crime.
"Although the detail in such law enforcement tactics still remains unknown to the public, it highlights the police are continuing to grow in their operations and fight from different angles. However, this setback for REvil will unlikely deter them completely. If anything, it may spur them on more."
This story is developing.