The ransomware gang REvil was attacked and taken offline this week by a multi-country operation, according to three private-sector cyber specialists working with the US and one former official. Partners and allies of the Russian-led criminal gang were responsible for a May hack on Colonial Pipeline, which caused significant gas shortages on the US East Coast. JBS, a leading meatpacker, is one of REvil’s primary victims. The crime syndicate’s “Happy Blog” website, designed to leak victim data and extort businesses, is no longer accessible.
Officials stated that the Colonial Pipeline attack made use of DarkSide encryption software created by REvil associates.
According to VMware’s head of cybersecurity strategy, Tom Kellermann, law enforcement and intelligence officials blocked the gang from targeting other firms. “The FBI, in collaboration with Cyber Command, the Secret Service, and like-minded countries, has genuinely engaged in major disruptive operations against these groups,” said Kellermann, a cybercrime consultant to the US Secret Service. “REvil was at the very top of the list.” An unknown party hacked REvil’s servers, according to a senior member known as “0_neday,” who helped resume the group’s activities following an earlier halt.
The US government’s efforts to halt REvil, one of the worst of the dozens of ransomware gangs that collaborate with hackers to break into and paralyze firms worldwide, have increased since the group attacked the US software management company Kaseya in July. That compromise provided access to hundreds of Kaseya customers at once, resulting in multiple emergency cyber incident response calls. Following the Kaseya attack, the FBI obtained a universal decryption key, allowing those affected by the Kaseya compromise to recover their files without paying a ransom.
According to three people familiar with the situation, law enforcement and intelligence cyber specialists were able to break into REvil’s computer network infrastructure and take control of at least some of its servers. After the hacking organization’s commercial websites went offline in July, the gang’s chief spokesman, who goes by the moniker “Unknown,” vanished from the internet. Last month, when gang member “0_neday” and others restored those websites from a backup, he mistakenly reactivated certain internal systems that were already under law enforcement control. Backups are one of the essential defences against ransomware attacks, but they must be kept disconnected from the main networks, or else extortionists like REvil will encrypt them too.