The REvil ransomware gang’s websites and infrastructure have gone offline, roughly a week and a half after news broke of the group’s cyberattack on IT software vendor Kaseya.
According to multiple reports, the group’s public website, the dark-web portal that facilitated its ransom negotiations with victims, and the site victims used to pay those ransoms were all dark. REvil’s public spokesperson, “Unknown,” has been offline since last week, researchers say.
It remains unclear why REvil’s public presence has disappeared, whether the outage is permanent or temporary, or whether law enforcement took its websites down. “At this point, anything around is pure speculation. Ransomware gangs operating in Russia were on borrowed time the second Colonial was hit. The Russian government didn’t care about the cybercrime occurring within its borders, but only so long as it didn’t impact Russia itself,” says Jake Williams, Co-Founder and CTO at BreachQuest.
Williams adds, “That has clearly changed – the Russian government can clearly see they are being impacted by the actions of these actors. Whether REvil was taken out of commission by the Russian government, saw the writing on the wall and took infrastructure down, is simply rebranding like so many groups have (likely including REvil itself), or something else is unknown at this point.”
The outage comes just days after President Joe Biden vowed to take action against REvil and other Russia-based ransomware gangs if Russian authorities did not act themselves. “I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect him to act,” Biden told reporters.
Hitesh Sheth, President and CEO at Vectra, says, “The real question here is not what happened to REvil. It’s how we defend against a constantly changing threat matrix where REvils come and go like trains at Grand Central. Whether REvil is back in business next week with a new name or succeeded by a similar ransomware power makes no difference. We assume the challenge is ongoing. The best response is for every organization to emphasize security-first IT strategy featuring AI-driven threat detection. That’s how we build a more secure digital future.”