2 min

Tags in this article

, , , ,

The disappearance follows a run of spectacular high profile take-downs of businesses worldwide.

Ransomware gang REvil (allegedly named for “Ransomware Evil”) has disappeared following pressure from the U.S. government on Russia to act on ransomware groups operating in the country. The REvil ransomware gang, also known as Sodinokibi, dates back to 2018 and is believed to be an offshoot of the now-defunct GandCrab ransomware gang. REvil, in its three years, has made headlines for some of its high profile – and usually successful – attacks.

The websites and dark web portals of a Russia-based ransomware organization are now mysteriously offline just days after US President Joe Biden urged Russian President Vladimir Putin to take action.

Was the Kaseya attack the last straw for Putin’s patience?

REvil’s dark web data-leak site and their ransom-negotiating portals have both been unreachable since 1 am on Tuesday, July 13. Cybersecurity experts have stated that it is too early to speculate why and that there was no indication of a law enforcement takedown.

The disappearance comes a little more than a week after the gang’s alleged attack on Kaseya, which affected some 1,500 businesses worldwide. As of Tuesday, nobody has yet paid REvil’s demand of a $70 million ransom, which leaves the many hundreds of businesses reportedly affected by the attack in limbo.

Biden and Putin had a phone call on July 9, in which Biden urged Putin to rein in attacks from Russia-based groups. The American President also warned that the US had the right to protect its people and critical infrastructure from attacks.

Biden later told reporters that he had “made it very clear to him…we expect them to act” on information and also hinted the US could take direct digital retaliation on servers used for intrusions.