
Ransomware gang goes offline, prompting questions

A hacker group said to be behind this month's massive ransomware attack has disappeared from the "dark web"./AFP

Jul 14, 2021 - 04:16 AM

WASHINGTON — A Russian-based hacker group blamed for a massive ransomware attack went offline Tuesday, sparking speculation about whether the move was the result of a government-led action.

The “dark web” page of the group known as REvil disappeared some two weeks after an attack which crippled networks of hundreds of companies worldwide and prompted a ransom demand of $70 million.

“REvil has seemingly vanished from the dark web, as its website has gone offline,” tweeted Allan Liska, a security researcher with the firm Recorded Future, who noted that the site had been unresponsive from around 0500 GMT.

The news comes after US President Joe Biden repeated a warning to his Russian counterpart Vladimir Putin late last week about harboring cybercriminals while suggesting Washington could take action in the face of growing ransomware attacks.

Analysts in the past have suggested that the US military’s Cyber Command has the capability to strike back at hackers in the face of threats to national security, but there was no official word on any such action.

“The situation is still unfolding, but evidence suggests REvil has suffered a planned, concurrent takedown of their infrastructure, either by the operators themselves or via industry or law enforcement action,” John Hultquist of Mandiant Threat Intelligence said in an emailed statement.

“If this was a disruption operation of some kind, full details may never come to light.”

Brett Callow of the security firm Emsisoft also pointed to unanswered questions.

“Whether the outage is the result of action taken by law enforcement is unclear,” Callow said.

“If law enforcement has managed to disrupt the gang’s operations, that would obviously be a good thing, but could create problems for any companies whose data is currently encrypted. They’d not have the option of paying REvil for the key needed to decrypt their data.”

James Lewis, head of technology and public policy at the Washington-based Center for Strategic & International Studies, said the site may be down for a number of reasons including pressure from Russian authorities.

“I don’t think it was us,” he said.

Liska noted that the site’s ownership had not been changed, making a domain seizure less likely. “This could suggest these are self-directed takedowns (too early to tell),” he said.

The unprecedented attack targeting the US software firm Kaseya affected an estimated 1,500 businesses.

The Kaseya attack, which was reported July 2, shut down a major Swedish supermarket chain and ricocheted around the world, impacting businesses in at least 17 countries, from pharmacies to gas stations, as well as dozens of New Zealand kindergartens.
