REvil has been one of the top ransomware groups for the past few months but they’re suddenly offline. No note, no warning, just gone.
More in this short…
Transcript
At 1:00 AM Eastern time on Tuesday, July 12th, 2021, the REvil ransomware gang appears to have closed up shop. Gone in the middle of the night, like that.
[00:00:09] Are they gone for good? No one knows.
Is this a good thing? Long term, absolutely.
Short term? Not so much.
[00:00:17] Gone with the gang’s online presence is any way for the up to 1500 victims of the Kaseya attack to get their encryption keys.
Now, sometimes when a ransomware gang closes up shop, they openly release the keys.
Let’s hope that this happens here.
[00:00:31] As to why REvil is offline… theories abound. But until we have more evidence, we simply won’t know.
But remember that ransomware works because it’s a low risk, high return crime.
If the spotlight becomes too intense, that equation changes and it might be time to reevaluate or rebrand.
References
- “Russia’s most aggressive ransomware group disappeared. It’s unclear who made that happen.”, from the NY Times
- Bank Info Security has, “List of Victims of Kaseya Ransomware Attack Grows”
- Bleeping Computer coverage of the Avaddon shutdown, “Avaddon ransomware shuts down and releases decryption keys”
- Lawrence Abrams (@LawrenceAbrams) on the issue, July 13, 2021:
  > All REvil sites are down, including the payment sites and data leak site. 🤔
  > The public ransomware gang representative, Unknown, is strangely quiet.
- Kevin Beaumont (@GossiTheDog) on the issue, July 13, 2021:
  > Re REvil - I'm flying a plane right now but I just had a quick look at some recent payloads, they point to down payment sites now, also their different servers along the way are down + blog, DNS etc.
  > However for those just tuning into ransomware groups, not too unusual (thread)