The Kremlin has no clue where REvil is. Since last Tuesday, when the hacker group’s servers and websites went dark, no one has heard from the group. It is unclear whether REvil’s disappearance is related to talks between the US and Russian presidents.
Where is REvil hiding? It is a question that concerns many cybersecurity experts. On Tuesday evening around 19:00 Dutch time, the Russian hackers of REvil were suddenly nowhere to be found on the internet. Their sites on both the dark web and the regular internet went down, and the hackers’ help desk was no longer available. Finally, Unknown, a hacker who acts as a spokesperson for the hacker collective, was banned from the popular hacker forum XSS.
What the hell happened? At the moment no one seems to have the answer to this question. A Kremlin spokesman said the Russian government had nothing to do with REvil’s disappearance. Russian journalists had asked him whether he knew more about it. “I can’t answer your question because I don’t have that information. I don’t know where the group is, or where they went,” the spokesperson said.
He emphasized that the Russian government finds any form of cybercrime unacceptable. “We think they [the REvil hackers] should be punished. On the international side, we believe we should all work together. In this case, Russia and the US must work together to intercept such demonstrations. And as for the details about this group, unfortunately, I don’t have that information,” he added.
Two theories are currently circulating about Tuesday’s events. The first theory suggests that things got too hot for REvil and the group chose to flee.
The hacker group is responsible for a global supply chain attack that has hit hundreds of companies and organizations worldwide. Through a vulnerability in the VSA management software of IT service provider Kaseya, they gained access to the computer systems of the software’s customers. In this way, REvil installed ransomware at about 800 to 1,500 companies in 17 countries, including the Netherlands. The hackers demanded $70 million from the victims for a universal decryption key.
Due to the scale and societal impact of the attack, it is obvious that law enforcement agencies around the world are hunting REvil. We wouldn’t be surprised if that’s why the hackers are hiding and erasing all their digital traces.
The second theory concerns the Americans. Last week, President Biden and President Putin discussed the cyberattacks that have hit the US lately. “I made it very clear to him that the US expects that when a ransomware operation is carried out from its territory, even if the state does not order it, we expect them to act if we give them enough information to act against whom that is,” Biden told reporters. He also allegedly hinted at retaliation.
With these words in mind, it is not inconceivable that President Biden has ordered his security services to shut down REvil’s infrastructure. A senior staff member confirmed that the US would take visible and invisible measures against Russian hackers if Russia did not take tougher action.
The Kremlin spokesman confirmed that bilateral consultations between the Americans and Russians are currently underway. He could not say if any specific measures have been announced against REvil. White House press secretary Jen Psaki also could not say whether the US government had anything to do with REvil’s disappearance.