Cybersecurity companies speak out on disappearance of REvil

REvil, the notorious ransomware group, has suddenly disappeared from the Dark Web and its websites appear to have been hijacked.

REvil, the notorious Russian-linked ransomware gang responsible for the high-profile cyberattacks on Kaseya, Travelex and JBS earlier this year, has disappeared again after its Tor payment portal and data leak blog were allegedly hijacked.

News of the shutdown was first claimed in a post on a known criminal forum by a threat actor known to be affiliated with the REvil operation, first discovered by cybersecurity company Recorded Future’s Dmitry Smilyanets.

A threat actor from the group has revealed the disruption on a hacking forum formally announcing that REvil has suspended operations. 

Steve Moore, Chief Security Strategist at Exabeam says: "This latest disruption seems to be caused by insider fighting or possible offensive takedown – it’s the final blow to REvil. The operator only mentions a “third party” – no attempt is made to identify their identity.

"Keep in mind these are organisations like any other, but with fewer rules. Based on information shared, they lost control of their backups which contained keys to overtake their network. In the exciting twist, the adversary was seemingly taken down due to weak technology hygiene, a flaw generally exploited by them to extort money from their victims.”

Thomas Cartlidge, Head of Threat Intelligence at Six Degrees adds: "To most of us, the news of REvil's difficulties will not change the level of ransomware threat. In the past quarter we saw a record number of ransomware attacks against UK organisations, many of them believed to be launched by criminals other than REvil. What does this mean? Well, despite the trials and tribulations of one particular ransomware operator, it shows that the threat to organisations remains stark and that the operating model of these criminals is robust. I believe that we shouldn’t focus on the disappearance of one Tor payment portal, but instead on the broader issue of why these attacks are still so successful."

Neil Jones, Cybersecurity Evangelist at Egnyte concludes: "When malware infrastructure goes offline- even temporarily- that's obviously good news for businesses. However, I would encourage organisations not to let their guards down, and to continue with the proven detection and mitigation strategies that have gotten them through the recent ransomware crisis. Realistically, new ransomware infrastructure can be brought online quickly, so we all need to remain vigilant. Continual steps must be taken to thwart ransomware groups, and the public and private sectors must come together at the highest levels to challenge multi-million dollar cybercriminal gangs." 



Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI