Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline
2021-10-23 01:49

The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem.

Coinciding with the development, blockchain analytics firm Elliptic disclosed that $7 million in bitcoin held by the DarkSide ransomware group was moved through a series of new wallets, with a small fraction of the amount split off at each transfer to make the laundered money more difficult to track and to help convert the funds into fiat currency through exchanges.

The increasingly successful and profitable ransomware economy has been typically characterized by a complex tangle of partnerships, with ransomware-as-a-service syndicates such as REvil and DarkSide renting their file-encrypting malware to affiliates recruited through online forums and Telegram channels, who launch the attacks against corporate networks in exchange for a large share of the paid ransom.

This service model allows ransomware operators to improve the product, while the affiliates can focus on spreading the ransomware and infecting as many victims as possible to create an assembly line of ransom payouts that can then be split between the developer and themselves.

"Affiliates typically buy corporate access from for cheap and then infect those networks with a ransomware product previously obtained by the operators," Digital Shadows said in a report published in May 2021.

"The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," Group-IB's Oleg Skulkin was quoted as saying to Reuters.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ixozMrWLTZQ/feds-reportedly-hacked-revil-ransomware.html