Russian-based ransomware group ‘REvil’ disappears after hitting US businesses

Group vanishes off dark web after Biden demands Russia take action

John Bowden
Tuesday 13 July 2021 19:02

A ransomware operation thought to be one of the largest of such groups based in Russia vanished on Tuesday, weeks after taking credit for a major cyberattack on the US meat industry.

The New York Times reported that dark web pages purporting to belong to the group known as “REvil” were offline, including areas that boasted of the group’s successful operations, while pages used by victims to communicate with hackers to re-obtain access to stolen data were also gone. A cause could not be identified immediately.

The news comes just days after White House press secretary Jen Psaki made it clear during a news conference that the US would take action against the groups if Russia did not.

President Joe Biden also confirmed to reporters on Friday that he would direct US Cyber Command to take down the servers hosting such groups if Russia failed to act.

Such a warning was also delivered to Russia’s President Vladimir Putin during a summit between the two leaders in Geneva, Mr Biden added.

“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” the president said.

REvil was the ransomware group thought to be responsible for attacks on US businesses over the past several months including JBS, a Brazil-based meat producer that was forced to shut down operations at more than a dozen US-based cattle slaughterhouses in June.

The Independent has reached out to the White House and US Cyber Command for comment on the disappearance of the group on Tuesday.

Ransomware has become a major problem for US-based businesses, law enforcement groups, government agencies and other entities over the past several years, with recent US targets including the Washington, D.C. police department and the Colonial Pipeline Company.

The attack on Colonial’s systems caused a temporary gas shortage along the US eastern seaboard that was heavily exacerbated by panic-buying, and the group thought to be responsible disappeared a few weeks later, announcing the end of its operations.
