REvil has been behind ransomware attacks including the Apple leaks and attacks on enterprise software vendors. Today, Reuters reported that the US government has successfully hacked the group. The FBI has joined forces with the Secret Service, Cyber Command, and organizations from other countries to take the group’s operations offline. At the moment, the group’s dark web blog, its main channel for exposing stolen information, is offline.
In fact, earlier this week, TechCrunch reported that the group’s Tor website was not responding. At that time, few thought the blog had been hacked. But when one of the suspected leaders of REvil wrote a post about “hacked” servers, many began to suspect that not everything was as simple as it seemed. Still, at the time, no one took responsibility for hacking the group’s blog. Now, Reuters confirms that the government took the blog offline and that its operation against the ransomware hackers is still ongoing.
On one hand, it sounds odd for someone (in this case, the government) to hack other hackers. On the other hand, it is quite reasonable that the government has to take some measures. Hackers steal a lot of money (more than $40 million), which prevents the affected companies from restoring their operations. Moreover, the Treasury pushed sanctions that make it almost impossible to turn compromised machines into cash. For its part, the Department of Justice created a team to investigate crimes committed through cryptocurrency exchanges.
FBI Hacks REvil
REvil targets big companies or their suppliers. For example, the group recently targeted an Apple supplier and obtained schematics of the MacBooks (the latter surfaced this week). Other cases involved the massive meat processor JBS, IT management software developer Kaseya, Travelex, and Acer. Not for nothing did the US Treasury’s Financial Crimes Enforcement Network call it one of the biggest ransomware groups in terms of reported payouts.
Incidentally, in July this year, REvil went offline. That happened just a month after the FBI issued a statement saying the group was responsible for bringing down JBS. If that company name doesn’t mean anything to you, it is the fifth largest in the world in terms of meat supply.
Of course, REvil might return soon. A REvil group member has already restored a backup, and that backup included systems compromised by law enforcement. “The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”