REvil Ransomware Gang Goes Dark, Puzzling Experts
The REvil ransomware gang, behind the Kaseya attack, has gone dark and its websites have gone offline.
REvil successfully pulled off the biggest ransomware attack in history, targeting Kaseya’s software used in managed services around the world. The gang originally demanded a $70 million ransom, later lowering it to $50 million in private talks.
Despite the gang’s success, or perhaps because of it, the REvil gang appears to have gone dark. Its websites, including the one used as its “leak site,” have all shut down.
As BleepingComputer points out, it’s not uncommon for some REvil servers to go down, but it’s highly irregular for all of them to go down at once. BleepingComputer also cites evidence to suggest REvil may have shut down and erased their servers in response to a government subpoena.
It’s believed REvil has been operating out of Russia, and the code in its ransomware seems to specifically avoid computer systems where Russian languages are primary. Nonetheless, President Joe Biden has been putting additional pressure on Vladimir Putin to take action against cybercriminals operating within Russia’s borders.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his — even though it’s not sponsored by the state — we expect him to act if we give him enough information to act on who that is,” Biden told reporters, regarding a call he had with Putin.