July 13 – The REvil ransomware group has simply disappeared from the internet. The internet page on which it had listed its “accomplishments” also vanished from the web.
In recent days, President Biden spoke with President Vladimir Putin, calling for an end to rogue ransomware gangs. An ultimatum appears to have been presented and requests adhered to.
Immediately after Biden’s discussion with Putin, a reporter inquired as to whether Biden would disable REvil’s servers if Putin failed to address the ransomware stunts. President Biden replied in the affirmative.
Across the past several months, REvil has launched multiple high-profile ransomware attacks.
- In May, REvil conducted the JBS Foods ransomware attack, which forced the company to shut down in some parts of the world and led to concerns about meat shortages.
- In April, REvil hit Apple with a ruse just ahead of its 2021 product launch. The group demanded $50 million in extortion fees. As described in a past Cyber Talk article, the original attack hit Quanta, a manufacturer of Apple products.
- Did REvil access the SolarWinds network? Researchers report that threat actors claiming to have breached SolarWinds’ systems may be affiliated with the REvil ransomware gang, although further investigation is needed.
- In June, a little-publicized REvil attack hit a US nuclear weapons subcontractor.
- In July, the Kaseya fiasco directly affected 1,500 organizations worldwide, locking up their files and rendering select organizations non-functional.
While it would seem that REvil’s disappearance would be met with resounding applause, at present, the disappearance of the REvil group presents new problems. Organizations affected by the Kaseya breach that intended to pay ransoms for data retrieval have suddenly found themselves without reprieve. Experts and company executives are wondering how to move forward.
Why REvil disappeared
While Biden’s discussion with Putin is an obvious catalyst for the disappearance of the REvil group, other theories also abound.
- Biden may have ordered the US Cyber Command to assist in a REvil takedown.
- Alternatively, experts contend that REvil may have opted to remove itself from the internet so as to avoid the international limelight.
Many experts contend that REvil will return, if perhaps in another form. In the way that rock bands famously split up and reconfigure themselves, these rebels are liable to do the same.
REvil represents one of the most prolific ransomware attack groups, according to Check Point Software. REvil may simply want to lie low for a while. The rest of us should likely refrain from jumping to immediate conclusions one way or another.
US Cyber Security
On July 12th, the US Senate unanimously confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA) shortly after Senator Rick Scott (R-Fla.) dissolved a hold that blocked Department of Homeland Security confirmations for several weeks. In addition, Chris Inglis has been sworn in as the first US national cyber director.
Both individuals have previously worked for the National Security Agency, and are well-poised to develop a long-term cyber strategy for the nation. In connection with the nation’s new cyber security efforts, a 75-person team will be set up to coordinate cyber policies, systems and processes for the country.