REvil Ransomware Group Gets Taste of Own Medicine

7 months ago

According to Reuters, a multi-country operation has resulted in the criminal gang being hacked and forced offline.

The ransomware group REvil has just got a taste of its own medicine.

REvil has been behind a number of high-profile attacks this year — targeting the Colonial Pipeline and causing gas shortages across a large part of the U.S.

It also targeted Kaseya, with the ensuing disruption reverberating around the world. Hundreds of supermarkets were forced to close in Sweden, and some rail services were affected too.

After its attacks, REvil used its “Happy Blog” to leak data from victims who refused to pay ransoms, but the site is now unavailable.

What Happened?

Tom Kellermann, the head of cybersecurity strategy at VMware, told Reuters:

“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive action against these groups. REvil was top of the list.”

One of the group’s leaders wrote on a cybercrime forum:

“The server was compromised, and they were looking for me. Good luck, everyone; I’m off.”

The Reuters report suggests that law enforcement and cyber specialists were able to hack REvil’s infrastructure earlier this year and take control of some of its servers.

REvil’s websites were later restored from a backup — but this resulted in internal systems controlled by law enforcement also being reactivated.

As cybersecurity expert Oleg Skulkin said:

“The REvil ransomware gang restored the infrastructure from the backups under the assumption they had not been compromised. Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”
