A Russia-based hacker group responsible for a huge ransomware assault went offline, prompting rumors about whether this was the result of action taken by the government.
The “dark web” page of the group, known as REvil, vanished some two weeks after an assault that affected the networks of hundreds of businesses globally and led to a ransom demand of $70 million.
Allan Liska, a security expert with the firm Recorded Future, said: “REvil has seemingly vanished from the dark web, as its website has gone offline.”
The news comes on the heels of US President Joe Biden’s repeated warnings to his Russian counterpart, Vladimir Putin, about harboring threat actors, along with suggestions that the United States could take action in the face of rising ransomware attacks.
Experts have suggested in the past that the US military’s Cyber Command is capable of striking back at cybercriminals in the face of threats to national security, but there was no official word on any such action.
John Hultquist of Mandiant Threat Intelligence said in an emailed statement: “The situation is still unfolding, but evidence suggests REvil has suffered a planned, concurrent takedown of their infrastructure, either by the operators themselves or via industry or law enforcement action.”
“If this was a disruption operation of some kind, full details may never come to light.”
Brett Callow of the security firm Emsisoft also pointed to unanswered questions.
“Whether the outage is the result of action taken by law enforcement is unclear,” Callow said.
“If law enforcement has managed to disrupt the gang’s operations, that would obviously be a good thing, but could create problems for any companies whose data is currently encrypted. They’d not have the option of paying REvil for the key needed to decrypt their data.”