Cybersecurity companies speak out on disappearance of REvil

REvil, the notorious ransomware group, has suddenly disappeared from the Dark Web and its websites appear to have been hijacked.

REvil, the notorious Russian-linked ransomware gang responsible for the high-profile cyberattacks on Kaseya, Travelex and JBS earlier this year, has disappeared again after its Tor payment portal and data leak blog were allegedly hijacked.

News of the shutdown first surfaced in a post on a known criminal forum by a threat actor affiliated with the REvil operation, spotted by Dmitry Smilyanets of cybersecurity company Recorded Future.

A threat actor from the group revealed the disruption on a hacking forum, formally announcing that REvil has suspended operations.

Steve Moore, Chief Security Strategist at Exabeam says: "This latest disruption seems to be caused by insider fighting or possible offensive takedown – it’s the final blow to REvil. The operator only mentions a “third party” – no attempt is made to identify their identity.

"Keep in mind these are organisations like any other, but with fewer rules. Based on information shared, they lost control of their backups which contained keys to overtake their network. In the exciting twist, the adversary was seemingly taken down due to weak technology hygiene, a flaw generally exploited by them to extort money from their victims."

Thomas Cartlidge, Head of Threat Intelligence at Six Degrees adds: "To most of us, the news of REvil's difficulties will not change the level of ransomware threat. In the past quarter we saw a record number of ransomware attacks against UK organisations, many of them believed to be launched by criminals other than REvil. What does this mean? Well, despite the trials and tribulations of one particular ransomware operator, it shows that the threat to organisations remains stark and that the operating model of these criminals is robust. I believe that we shouldn’t focus on the disappearance of one Tor payment portal, but instead on the broader issue of why these attacks are still so successful."

Neil Jones, Cybersecurity Evangelist at Egnyte concludes: "When malware infrastructure goes offline, even temporarily, that's obviously good news for businesses. However, I would encourage organisations not to let their guards down, and to continue with the proven detection and mitigation strategies that have gotten them through the recent ransomware crisis. Realistically, new ransomware infrastructure can be brought online quickly, so we all need to remain vigilant. Continual steps must be taken to thwart ransomware groups, and the public and private sectors must come together at the highest levels to challenge multi-million dollar cybercriminal gangs."
