REvil Ransomware Group Was Itself Hacked And Forced Offline By A Planned Attack
Russia-based ransomware group REvil was recently taken down in a collaborative effort by countries to neutralise the group's online presence
Evil is out... kind of! Global governments recently joined hands to expel Russia-based REvil ransomware group. The ransomware gang REvil went offline on Sunday and it appears that law enforcement officials from different countries had a role to play in this takedown.
The takedown was first reported by Reuters, which said that security experts from the United States worked together with their counterparts in other countries to take REvil offline.
REvil down!
A security expert named Dmitry Smilyanets shared a series of messages on Twitter from a known REvil operator called "0_neday". The cyber scammers were discussing the takedown on XSS, a cybercriminal forum.
According to the REvil operator, someone had taken control of the group's Tor payment portal and its data leak website. At that point, it was not clear who was behind the action.
REvil #ransomware developers share updates on the @xss_is forum pic.twitter.com/4WyAEqDFQW
Tweet from @ddd1ms, October 17, 2021
In the messages, "0_neday" refers to "Unknown", another REvil representative and the only other member of the group who held REvil's domain keys.
In July, "Unknown" had disappeared and other members of REvil assumed that he had died.
REvil resumed operations in September. It was only this weekend that the REvil domain was accessed using the domain keys possessed by "Unknown".
It appears that the US and a group of other countries were behind the action that took REvil offline. Tom Kellermann, head of cybersecurity strategy at VMware, told Reuters that governments had hacked REvil's infrastructure and forced it offline.
"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups... REvil was top of the list", Kellermann, an adviser to the US Secret Service on cybercrime investigations, told Reuters.
REvil's "Happy Blog" website, where victim data and extortion details were posted, is no longer available.
What do you think about governments coming together to take down REvil? Share your thoughts with us in the comments below. For more in the world of technology and science, continue reading Indiatimes.com.