Article
Cyber Security

Cybersecurity companies speak out on disappearance of REvil

By Vikki Davies
October 19, 2021
undefined mins
REvil, the notorious ransomware group, has suddenly disappeared from the Dark Web and its websites appear to have been hijacked.

REvil, the notorious Russian-linked ransomware gang responsible for the high-profile cyberattacks on Kaseya, Travelex and JBS earlier this year, has disappeared again after its Tor payment portal and data leak blog were allegedly hijacked.

News of the shutdown was first claimed in a post on a known criminal forum by a threat actor known to be affiliated with the REvil operation, first discovered by cybersecurity company Recorded Future’s Dmitry Smilyanets.

A threat actor from the group has revealed the disruption on a hacking forum formally announcing that REvil has suspended operations. 

Steve Moore, Chief Security Strategist at Exabeam says: "This latest disruption seems to be caused by insider fighting or possible offensive takedown – it’s the final blow to REvil. The operator only mentions a “third party” – no attempt is made to identify their identity.

"Keep in mind these are organisations like any other, but with fewer rules. Based on information shared, they lost control of their backups which contained keys to overtake their network. In the exciting twist, the adversary was seemingly taken down due to weak technology hygiene, a flaw generally exploited by them to extort money from their victims.”

Thomas Cartlidge, Head of Threat Intelligence at Six Degrees adds: "To most of us, the news of REvil's difficulties will not change the level of ransomware threat. In the past quarter we saw a record number of ransomware attacks against UK organisations, many of them believed to be launched by criminals other than REvil. What does this mean? Well, despite the trials and tribulations of one particular ransomware operator, it shows that the threat to organisations remains stark and that the operating model of these criminals is robust. I believe that we shouldn’t focus on the disappearance of one Tor payment portal, but instead on the broader issue of why these attacks are still so successful."

Neil Jones, Cybersecurity Evangelist at Egnyte concludes: "When malware infrastructure goes offline- even temporarily- that's obviously good news for businesses. However, I would encourage organisations not to let their guards down, and to continue with the proven detection and mitigation strategies that have gotten them through the recent ransomware crisis. Realistically, new ransomware infrastructure can be brought online quickly, so we all need to remain vigilant. Continual steps must be taken to thwart ransomware groups, and the public and private sectors must come together at the highest levels to challenge multi-million dollar cybercriminal gangs." 

 

ExabeamCybersecurityREvilEgnyte
Share
Share

Featured Articles

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security

Speaker Lineup Announced for Tech Show London 2024

Technology & AI