REvil-ed Ransomware Group Goes Kaput?

2 minute read | Last updated 14-Jul-2021 |Cybercrime, Security

REvil has been one of the top ransomware groups for the past few months but they’re suddenly offline. No note, no warning, just gone.

More in this short…

Transcript

At 1:00 AM Eastern time on Tuesday, July 12th, 2021, the REvil ransomware gang appears to have closed up shop. Gone in the middle of the night, like that.

[00:00:09] Are they gone for good? No one knows.

Is this a good thing? Long term, absolutely.

Short term? Not so much.

[00:00:17] Gone with the gang’s online presence is any way for the up to 1500 victims of the Kaseya attack to get their encryption keys.

Now, sometimes when it’s a ransomware gang closes shop, they openly release the keys.

Let’s hope that this happens here.

[00:00:31] As to why REvil is offline… theories abound. But until we have more evidence, we simply won’t know.

But remember that ransomware works because it’s a low risk, high return crime.

If the spotlight becomes too intense, that equation changes and it might be time to reevaluate or rebrand.

References

• “Russia’s most aggressive ransomware group disappeared. It’s unclear who made that happen.”, from the NY Times

• Bank Info Security has, “List of Victims of Kaseya Ransomware Attack Grows”

• Bleeping Computer coverage of the Avaddon shutdown, “Avaddon ransomware shuts down and releases decryption keys”

• Lawrence Abrams speaking on the issue,

All REvil sites are down, including the payment sites and data leak site. 🤔

The public ransomware gang represenative, Unknown, is strangely quiet.

— Lawrence Abrams (@LawrenceAbrams) July 13, 2021

• Kevin Beaumont on the issue,

Re REVil - I'm flying a plane right now but I just had a quick look at some recent payloads, they point to down payment sites now, also their different servers along the way are down + blog, DNS etc.

However for those just tuning into ransomware groups, not too unusual (thread)

— Kevin Beaumont (@GossiTheDog) July 13, 2021