The U.S. government has reportedly hacked REvil, one of the world's most prolific ransomware groups, which was responsible for some of the most high-profile intrusions in recent history.
Believed to be based in Russia, REvil has been connected to some of the biggest cyberattacks of 2021. Not long ago, the ransomware gang breached America's largest meat supplier, JBS, and extorted about $11 million from the firm.
The group went on to orchestrate another attack, against the global IT management software supplier Kaseya, demanding a $70 million ransom in exchange for a tool to decrypt victims' files.
Barely two weeks after the Kaseya breach, REvil's Tor sites disappeared from the internet under unclear circumstances.
The latest event, which has knocked the group offline again, has been credited to the Federal Bureau of Investigation (FBI), the U.S. Secret Service, U.S. Cyber Command, and agencies from other countries.
REvil's dark web blog, which the gang used to publish data stolen from victims who refused to pay, is also offline. Reports of a law enforcement operation against the group began surfacing early in the week, with TechCrunch reporting that the REvil Tor site had become unavailable.
Speculation about a law enforcement hack appears to have started with a forum post, a screenshot of which was shared by a Twitter user: in the post, a suspected REvil leader said that the group's server had been compromised (see Figure 1 below).
Figure 1: Screenshot of a forum post by a suspected REvil member (Source: Twitter)
What Next?
Reuters broke the news of what may turn out to be a turning point for the dark web-facilitated threat groups that have endangered government institutions and private firms on U.S. soil and around the world.
The event reflects the U.S. government's recent onslaught against cybercriminal enterprises that have terrorized organizations through ransomware attacks. Alongside the creation of a cryptocurrency enforcement unit, the U.S. Treasury has tightened sanctions designed to make it harder for criminals to cash out the proceeds of hacking incidents.
Nonetheless, this may not be the end of the notorious group. REvil has gone off the dark web before, only to resurface later under equally unclear circumstances.