Ransomware Gang REvil Vanishes from Dark Web After Biden Warning

Jul 13, 2021

(Bloomberg) -- The Russia-linked ransomware gang REvil has seemingly vanished from the dark web, where it maintains several pages documenting its activities including one called the “happy blog.”

It’s not yet known if the sites were down temporarily or if the group -- or law enforcement -- took its websites offline.

“It’s too early to tell, but I’ve never seen ALL of their infrastructure offline like this,” said Allan Liska, senior threat analyst at cybersecurity firm Recorded Future Inc., in a text message. “I can’t find any of their infrastructure online. Their extortion page is gone, all of their payment portals are offline, as is their chat function.” Liska said the websites went offline around 1 a.m. Eastern time.

The sudden outage comes just days after President Joe Biden said he pressed Russian President Vladimir Putin to act against hackers in his country blamed for recent ransomware attacks.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect him to act,” Biden told reporters.

REvil, which is suspected by cybersecurity firms and the U.S. government of operating out of Russia, was accused of being behind an attack on giant meat supplier JBS SA, which eventually paid the group an $11 million ransom.

More recently, the group embarked on a wide-scale ransomware attack, which affected hundreds of companies globally. The hackers targeted software company Kaseya Ltd. and its customers.

Representatives from the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the White House didn’t immediately respond to a request for comment.

(Updates with new headline)

©2021 Bloomberg L.P.