The Russian hacker group REvil was taken offline this week by the FBI, along with the US Secret Service, the US Department of Defense and various foreign powers. That writes the American news agency Reuters on the basis of various sources.
That’s how you see him, and not like that
REvil is a hacker group that attacks foreign companies and powers with ransomware from Russia. The group has been active since 2019 and has since made all kinds of victims and made millions of euros from cyber attacks. Victims include companies such as Travelex, Brown-Forman Corporation, Acer and Quanta Computer. This year, meat producer JBS, energy company Invenergy and ICT service provider Kaseyathe target the hacker group. This week, the Happy Blog, the website the hackers use to publish stolen data and blackmail companies, was no longer accessible. 0_neday, a prominent member of the hacker collective, confirms that the network has been taken down.
It’s not the first time the hackers have disappeared from the net. In mid – July REvil was suddenly nowhere to be seen. The sites on the dark web and the regular web had spontaneously gone black. The “help desk” was also no longer available. Finally, Unknown, the spokesperson for the hacker group, was banned from the XSS hacker forum.
In mid-September, the Russian hacker group spoke again. The Tor payment site was suddenly back online, as was the Happy Blog. Victims were able to log in again to negotiate a ransom or transfer money to the hackers’ accounts. Finally, new ransomware attacks took place, REvil spokesman Unknown confirmed.
Coalition attacks REvil backup servers
REvil’s comeback was short-lived, however. Cybersecurity experts confirm that the hacker group is once again off the air. According to them, the hackers were attacked by an international coalition. The FBI, the Cyber Command of the US Department of Defense, the US Secret Service and a number of “united powers” are among others responsible for this, Tom Kellermann of VMWare confirms to Reuters.
The attack was launched as REvil rebooted its infrastructure. The hacker group was unaware that a number of internal systems containing backups had been compromised by US law enforcement agencies. “Ironically, the gang’s favourite tactics turned against them,” said Oleg Skulkin of security firm Group-IB.
‘Good luck, everyone; I’m off’
The White House and FBI spokesman declined to comment on the matter. “Basically, we are engaged in a major ransomware operation, including disrupting infrastructure and building an international coalition to hold accountable countries that harbour hackers,” the US administration said.
REvil member 0_neday confirms that the group’s servers were targeted by an unknown party. He writes on a popular hacker forum that the FBI and other intelligence services are looking for him. He announces his departure through the forum with the words “Good luck, everyone; I’m off”.
Catch up on more articles here
Follow us on Twitter here