REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks
2021-07-18 23:00

REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculation that the criminal enterprise may have been taken down.

REvil, one of the most prolific ransomware-as-a-service groups, first appeared on the threat landscape in April 2019.

"If REvil has been permanently disrupted, it'll mark the end of a group which has been responsible for >360 attacks on the U.S. public and private sectors this year alone," Emsisoft's Brett Callow tweeted.

The sudden development comes close on the heels of a wide-scale supply chain ransomware attack aimed at technology services provider Kaseya, for which REvil took responsibility and demanded a $70 million ransom in exchange for a universal decryption key that would unlock all victims' data and restore access to encrypted systems.

The disastrous attack saw the ransomware gang encrypting approximately 60 managed service providers and over 1,500 downstream businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

"The situation is still unfolding, but evidence suggests REvil has suffered a planned, concurrent takedown of their infrastructure, either by the operators themselves or via industry or law enforcement action," FireEye Mandiant's John Hultquist told CNBC. It appears that REvil's Happy Blog was taken offline around 1 AM EST on Tuesday, with vx-underground noting that the group's public-facing representative, Unknown, has not posted on popular hacking forums such as Exploit and XSS since July 8.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/d7Z5Ja2uaL4/revil-ransomware-gang-mysteriously.html