REvil-ed Ransomware Group Goes Kaput?
REvil has been one of the top ransomware groups for the past few months but they’re suddenly offline. No note, no warning, just gone.
More in this short…
At 1:00 AM Eastern time on Tuesday, July 12th, 2021, the REvil ransomware gang appears to have closed up shop. Gone in the middle of the night, like that.
[00:00:09] Are they gone for good? No one knows.
Is this a good thing? Long term, absolutely.
Short term? Not so much.
[00:00:17] Gone with the gang’s online presence is any way for the up to 1500 victims of the Kaseya attack to get their encryption keys.
Now, sometimes when a ransomware gang closes shop, they openly release the keys.
Let’s hope that this happens here.
[00:00:31] As to why REvil is offline… theories abound. But until we have more evidence, we simply won’t know.
But remember that ransomware works because it’s a low-risk, high-return crime.
If the spotlight becomes too intense, that equation changes and it might be time to reevaluate or rebrand.
Bank Info Security has, “List of Victims of Kaseya Ransomware Attack Grows”
Bleeping Computer coverage of the Avaddon shutdown, “Avaddon ransomware shuts down and releases decryption keys”
Lawrence Abrams speaking on the issue,
All REvil sites are down, including the payment sites and data leak site. 🤔— Lawrence Abrams (@LawrenceAbrams) July 13, 2021
The public ransomware gang representative, Unknown, is strangely quiet.
Kevin Beaumont on the issue,
Re REVil - I'm flying a plane right now but I just had a quick look at some recent payloads, they point to down payment sites now, also their different servers along the way are down + blog, DNS etc.— Kevin Beaumont (@GossiTheDog) July 13, 2021
However for those just tuning into ransomware groups, not too unusual (thread)