REvil, Hacking Group Behind Major Ransomware Attack, Disappears

Just days after President Biden called President Vladimir V. Putin of Russia and demanded that he act to shut down ransomware groups that are attacking American targets, the largest of them has gone offline. The mystery is who made that happen.

The group, known as REvil, short for “Ransomware evil,” is believed responsible for the attack that brought down one of America’s largest beef producers, JBS, and it took credit for a hack that affected thousands of businesses around the world over the July 4 holiday. On Friday, describing his ultimatum to the Russian president, Mr. Biden said “we expect them to act,” and when asked later if he would take down the group’s servers if Mr. Putin did not, the president simply said, “Yes.”

But that is just one possible explanation for what happened around 1 a.m. on Tuesday, when the group’s sites on the dark web suddenly disappeared. Gone was the publicly available “happy blog” that the group maintained, listing its victims, and internet security groups said the customized sites where victims negotiate with REvil over how much they will pay to get their data unlocked were also missing.

Photo caption: President Biden pressed Russian President Vladimir Putin last week to take action against cybercriminals in Russia. Credit: Doug Mills/The New York Times

While their disappearance was celebrated by many who see ransomware as a new scourge, one that Mr. Biden has called a critical national security threat, it left others in the lurch — unable to pay the ransom to get their data back, and their businesses back up and running.

“What’s the plan for the victims?” asked Kurtis Minder, the chief executive of GroupSense, a digital risk protection company that was negotiating with the extortionists on behalf of a regional law firm whose data was stolen.

There are three main theories floating around about why REvil, which seemed to revel in the publicity and reaped huge ransoms — including $11 million from JBS — suddenly disappeared.

One is that Mr. Biden ordered the United States Cyber Command, working with domestic law enforcement agencies, including the F.B.I., to take it down. Cyber Command proved last year that it could do just that, paralyzing a ransomware group that it feared might turn its skills to freezing up voter registrations or other election data in the 2020 election.

The second theory is that Mr. Putin ordered the group taken down by Russia. If so, that would be a gesture toward heeding Mr. Biden’s warning, which he offered, in more general terms, when the two leaders met June 16 in Geneva.

And a third is that REvil decided that the heat was too intense, and took itself down to avoid becoming part of the crossfire between the American and Russian presidents. That is what another Russian-based group, DarkSide, did after the ransomware attack on Colonial Pipeline, the U.S. company that had to shut down the gasoline and jet fuel running up the East Coast in May.

But many experts think that DarkSide’s going-out-of-business move was digital theater, and that all the key ransomware talent would reassemble under a different name. If so, the same could happen with REvil.

Just a few months ago, ransomware was considered largely a criminal problem. But after the attack on Colonial Pipeline, Mr. Biden and his advisers began to declare that attacks which threaten critical infrastructure constitute a major national security threat.