Cybersecurity companies speak out on disappearance of REvil

REvil, the notorious ransomware group, has suddenly disappeared from the Dark Web and its websites appear to have been hijacked.

REvil, the notorious Russian-linked ransomware gang responsible for the high-profile cyberattacks on Kaseya, Travelex and JBS earlier this year, has disappeared again after its Tor payment portal and data leak blog were allegedly hijacked.

News of the shutdown first surfaced in a post on a known criminal forum by a threat actor known to be affiliated with the REvil operation; the post was spotted by Dmitry Smilyanets of cybersecurity company Recorded Future.

In that post, the threat actor from the group revealed the disruption and formally announced that REvil has suspended operations.

Steve Moore, Chief Security Strategist at Exabeam says: "This latest disruption seems to be caused by insider fighting or possible offensive takedown – it's the final blow to REvil. The operator only mentions a 'third party' – no attempt is made to identify their identity.

"Keep in mind these are organisations like any other, but with fewer rules. Based on information shared, they lost control of their backups which contained keys to overtake their network. In the exciting twist, the adversary was seemingly taken down due to weak technology hygiene, a flaw generally exploited by them to extort money from their victims."

Thomas Cartlidge, Head of Threat Intelligence at Six Degrees adds: "To most of us, the news of REvil's difficulties will not change the level of ransomware threat. In the past quarter we saw a record number of ransomware attacks against UK organisations, many of them believed to be launched by criminals other than REvil. What does this mean? Well, despite the trials and tribulations of one particular ransomware operator, it shows that the threat to organisations remains stark and that the operating model of these criminals is robust. I believe that we shouldn’t focus on the disappearance of one Tor payment portal, but instead on the broader issue of why these attacks are still so successful."

Neil Jones, Cybersecurity Evangelist at Egnyte concludes: "When malware infrastructure goes offline, even temporarily, that's obviously good news for businesses. However, I would encourage organisations not to let their guards down, and to continue with the proven detection and mitigation strategies that have gotten them through the recent ransomware crisis. Realistically, new ransomware infrastructure can be brought online quickly, so we all need to remain vigilant. Continual steps must be taken to thwart ransomware groups, and the public and private sectors must come together at the highest levels to challenge multi-million dollar cybercriminal gangs."
