Story image

Notorious ransomware group REvil taken down in government fight back

By Shannon Williams, Tue 26 Oct 2021

A multi-government effort has resulted in notorious ransomware group REvil being taken offline, with some of its servers allegedly hijacked, according to reports.

The notorious Russia-based ransomware gang REvil, which earlier this year was responsible for some high profile cyber attacks including the JBS Meat attack in June and the Kaseya attack in July, may have had a taste of its own medicine.

A consortium of government law enforcement groups including the FBI, US Cyber Command, and Secret Service, in partnership with a range of partners in other governments, knocked the gang offline by sabotaging REvil's infrastructure.

REvil's website and data-leaking platform, known as Happy Blog, is now inaccessible.

"In the fight against ransomware, its hard to overstate the significance of the reported multi-country takedown of the ransomware group, REvil," says Steve Forbes, government cyber security expert at Nominet.

"With the group forced offline and some of its servers allegedly hijacked, one of the most notorious ransomware operators - which carried out attacks against meatpacker JBS and software provider Kaseya earlier this year - has been disrupted," he says.

Ransomware has increasingly taken centre stage this year, as it has disrupted global supply chains. 

Forbes says despite not always being a very sophisticated attack method, it achieves notoriety because of its real world impact.

"A combination of network analysis to identify the tell-tale signs of a ransomware attack, robust back-ups to aid recovery, and cross-country co-ordinated takedowns will be the key to stemming the flow of successful ransomware attacks in the future," he says.

"Whilst this is a major win in the battle against ransomware, we cannot rest easy as the organisations behind ransomware have generated significant income giving them the ability to rebrand and reinvent themselves many times over," says Forbes.

"We can only hope that these law enforcement measures start to make the risk greater than the reward for cyber criminals."

However, other reports have surfaced claiming fellow cybercrime groups are calling for revenge after the dismantling of REvil's infrastructure. Cybercrime group Groove is allegedly encouraging the wider cyber extortionist community to band together to target U.S. interests.

BleepingComputer published a translation of the Russian blog post from Groove, containing numerous threats against the US public sector - "Show this old man who is the boss here who is the boss and who will be on the Internet.”

Groove’s post read, “While our boys were dying on honeypots, the nets from rude aibi squeezed their own… but he was rewarded with higher and now he will go to jail for treason, so let’s help our state fight against such ghouls as cybersecurity firms that are sold to amers, like US government agencies.

“I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors – the Chinese!”

Recent stories
More stories