REvil ransomware gang taken offline by multinational effort

In a welcome move, sources have confirmed that the recent troubles plaguing the notorious REvil ransomware operator are the result of a concerted effort by various cybersecurity agencies.

Reuters credits REvil’s latest disappearance to the US based on insights shared by three private sector cyber experts working with US security agencies and one former official.

VMware’s head of cybersecurity strategy Tom Kellermann, an advisor to the US Secret Service on cybercrime investigations, noted that REvil was a high-priority target for law enforcement and intelligence agencies.

"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," Kellermann told Reuters.

Done and dusted

Earlier this week, REvil was forced to take down its online infrastructure, hosted on the dark web, in response to an unidentified party hijacking the gang’s domains.

The news of the hijack was shared by the gang’s official representative known as "0_neday," who reportedly was instrumental in restarting the group's operations after a similar shutdown earlier this year.

"The server was compromised, and they were looking for me," 0_neday wrote on a cybercrime forum.

REvil has been behind some of the most extravagant ransomware operations of late, including the one against managed service providers (MSPs), in which it exploited a vulnerability in the Kaseya VSA remote management software to infect thousands of computers around the world.

Action against Russia-based threat actors, including REvil, featured prominently in the US-Russian Presidential talks in Geneva earlier this year.

US President Joe Biden has given assurances that cybersecurity is one of the top priorities for his administration. While his administration has announced several steps and measures to strengthen the country's cybersecurity posture, REvil’s takedown is perhaps one of the boldest displays of its intent in its fight against ransomware.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.