REvil, Hacking Group Behind Massive Ransomware Attack Disappears


The second theory is that Mr. Putin ordered the group’s sites to be shut down. If so, it would be a gesture toward heeding Mr. Biden’s more general warning, which he also conveyed when the two leaders met in Geneva on June 16. And it would come a day or two before a virtual meeting of a US-Russian working group on the issue, set up during the Geneva meeting.

A third theory is that REvil decided the heat was too intense and took the sites down on its own to avoid getting caught in the crossfire between the American and Russian presidents. Another group of Russian origin, DarkSide, did so after the ransomware attack on Colonial Pipeline, a US company that was forced to shut down the pipeline that supplies gasoline and jet fuel to much of the East Coast after its computer network was breached in May.

But many experts think DarkSide’s move to go out of business is nothing more than digital theatre, and that all of the group’s key ransomware talents will be reunited under a different name. If so, the same could happen for REvil, which Recorded Future, a Massachusetts cybersecurity firm, estimates is responsible for about a quarter of all sophisticated ransomware attacks against Western targets.

Allan Liska, a senior intelligence analyst at Recorded Future, said that if REvil disappeared, he doubts it was voluntary. “These guys are braggarts,” said Mr. Liska. “And we didn’t see any notes, any bullshit. They seem to have abandoned everything under pressure.”

There were suggestions that the raid might have come from Russia. Some officials said that General Paul M. Nakasone, the commander of the United States Cyber Command and director of the National Security Agency, is not expected to have all options for US action against ransomware actors by the end of this week. And there was no evidence that REvil’s sites had been “seized” by a court order, which the Department of Justice frequently issued.

Cyber Command declined to comment.

Closing REvil for now gives Mr. Putin and Mr. Biden a chance to show they are facing the problem, while also giving ransomware players an opportunity to get their winnings back. The biggest losers will be companies and towns that fail to obtain encryption keys and are perhaps locked out of their data forever. (Usually, when ransomware groups disband, they release decryption keys. That didn’t happen on Tuesday.)

Mr. Biden is expected to present a ransomware strategy in the coming weeks, revealing how Colonial Pipeline and other recent attacks demonstrate how attacks on critical infrastructure pose a major national security threat.

