Ransomware group REvil disappears from the internet

Its websites became inaccessible on Tuesday.

Just_Super via Getty Images

The Russia-linked ransomware group behind some of the biggest recent cyberattacks has disappeared from the internet. According to CNBC, Reuters and The Washington Post, the websites operated by the group REvil went down in the early hours of Tuesday. Dmitri Alperovitch, former chief technology officer of the cyber firm CrowdStrike, told The Post that the group's blog in the dark web is still reachable. However, its critical sites victims use to negotiate with the group and to receive decryption tools if they pay up are no longer available. Visitors to those websites now see a message that says "A server with the specified hostname could not be found."

REvil took responsibility for a recent string of ransomware attacks that affected around 800 to 1,500 businesses worldwide, including schools. It demanded $70 million to restore the data it stole and encrypted by exploiting a zero-day vulnerability in IT management software giant Kaseya's remote management application. Before that, experts linked the group to the ransomware attack on beef supplier JBS, which chose to pay US$11 million to get its data back.

It's unclear why REvil's websites aren't accessible anymore. As Reuters mentioned, ransomware gangs tend to vanish and rebrand in case they attract too much attention. President Biden recently revealed that he told Russian President Vladimir Putin that he expects his government to act on ransomware attacks coming from his country. When asked if the US would attack the servers Russian cybercriminals use to hijack American networks, Biden answered with a resounding "Yes."

Alperovitch told The Post that it doesn't look like REvil's servers were attacked, which means it's unlikely a an offensive cyber operation launched by US authorities. Kurtis Minder, the founder of threat intelligence firm GroupSense, told Reuters that if REvil's sites going down truly was the result of an offensive operation mounted by the US government, he hopes that "collateral damage was a consideration." Bad actors hold the key to the data they take ransom, and victims would have a tough time recovering theirs if that key gets destroyed or lost.