Notorious ransomware group REvil knocked offline, according to report

REvil was hacked and forced offline this week in a multiple-country effort, according to Reuters.

Bree Fowler Senior Writer

REvil has apparently been knocked offline.

A coalition of government and private cybersecurity experts has turned the tables on REvil by hacking the ransomware group and forcing it offline this week, according to a Reuters report.

According to Thursday's report, which cites three private-sector cyber experts working with the US and one former official, the crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available.

Cybercriminals tied to the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that caused gas shortages in the US. The attackers used encryption software called DarkSide, which was developed by REvil associates. REvil itself was also responsible for an attack that shut down international meatpacker JBS in May.

Tom Kellermann, head of cybersecurity strategy for VMware, told Reuters that the FBI, other federal agencies and "like-minded countries" stopped the group from victimizing additional companies. Kellermann serves as an adviser to the Secret Service on cybercrime investigations.

Reuters also cites a post in a cybercrime forum from a leadership figure known as "0_neday," who had helped restart REvil's operations after an earlier shutdown. That person said in their post that the group's servers had been compromised.

When asked by Reuters, a White House National Security Council spokesperson declined to comment on the operation specifically.

"Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernize our defenses, and building an international coalition to hold countries who harbor ransom actors accountable," the spokesperson told Reuters.

The FBI declined Reuters' request for comment.