Ransomware gang that hit meat vendor mysteriously disappears from the internet
By Brian Fung, Zachary Cohen and Geneva Sands, CNN Business
REvil, the ransomware gang that attacked meat supplier JBS Foods this spring and a major computer software vendor this month, has mysteriously disappeared from the internet, according to cybersecurity experts who follow the group.
Websites and other infrastructure belonging to the cybercriminal gang, which is said to be operating from Eastern Europe or Russia, went offline on Tuesday, as close observers of the group discovered they were unable to connect to REvil’s webpage listing its victims.
Others said they were unable to log into the sites REvil uses to communicate with victims and collect ransom payments.
“All the REvil sites are down, including the payment sites and the data leak site,” tweeted Lawrence Abrams, creator of the information security blog BleepingComputer. “The public representative of the ransomware gang [sic], Unknown, is strangely calm.”
It wasn’t immediately clear why REvil disappeared, but it follows a series of high-profile hacks by the group that has taken control of computers around the world. It also comes after President Joe Biden said he warned his Russian counterpart Vladimir Putin there would be consequences if Moscow failed to fight ransomware attacks emanating from within its borders.
The Biden administration has increasingly identified ransomware as a threat to national and economic security, highlighting its potential to disrupt critical infrastructure on which Americans depend.
Ransomware works by locking down a computer network, stealing and encrypting data until victims agree to pay a fee.
Those who refuse may find their information leaked online. In recent years, ransomware gangs have attacked hospitals, universities, police departments, city governments, and a wide variety of other targets.
A source familiar with the matter told CNN that the House Intelligence Committee had not been made aware of what caused REvil to go dark. A staff member of the Senate Intelligence Committee said “no comment” when asked if the committee had been made aware of the situation.
Over the July 4 holiday weekend, cybersecurity experts said REvil was responsible for an attack on Kaseya, a computer software company that indirectly supports countless small businesses including accounting firms, restaurants, and dental practices.
REvil claimed responsibility for the attack, demanding a mind-boggling ransom of $70 million to free the affected machines. U.S. officials also said REvil was behind the attack on JBS, one of the world’s largest meat packers.
REvil obtained $11 million from victims during its operation, according to cryptocurrency payment tracker Ransomwhere.
The sudden disappearance of the group has sparked much speculation about what may have happened. Theories range from planned system downtime to a coordinated government strike. But at this point, the experts are still guessing. The FBI and US Cyber Command declined to say if they could have been involved.
“This outage could be criminal maintenance, a planned retreat or, more likely, the result of an offensive response to the criminal enterprise – we don’t know,” said Steve Moore, chief security strategist at the cybersecurity company Exabeam.
Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, speculated that Western governments could pressure internet infrastructure companies not to respond to web browser requests for REvil sites.
Drew Schmitt, senior threat intelligence analyst at GuidePoint Security, warned that while the inability to connect to REvil sites may be a potential indicator of law enforcement involvement, it does not prove it conclusively.
“Last week the REvil site was down a bit as well,” he said in a statement to CNN.
REvil is among the most prolific ransomware attackers, according to cybersecurity firm CheckPoint. In the past two months alone, REvil has carried out 15 attacks per week, CheckPoint spokesman Ekram Ahmed said.
Given the attention it has garnered, REvil may have intentionally chosen to keep a low profile for a while, Ahmed added. “We recommend that you don’t jump to any immediate conclusions as it’s early days, but REvil is, indeed, one of the most ruthless and creative ransomware gangs we’ve ever seen.”
Anne Neuberger, the White House’s top cyber official, was traveling with Biden on Tuesday, though her reasons for accompanying the president to Philadelphia are unclear. A White House spokesperson did not immediately respond to a request for comment.
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.