Is REvil ceasing their cybercriminal activities because they have earned a substantial amount of money?

Jul 14, 2021 13:50 GMT

REvil, one of the world's most popular ransomware organizations, appears to have vanished as of Tuesday morning, according to CNBC. Coincidence or not, this occurred just before a meeting between Russian and White House officials to discuss the growing threat of ransomware attacks throughout the world.

The REvil gang's websites, including the one where they post stolen data, are all down. Additionally, the loss of the gang's infrastructure and computers during the attack occurred at roughly 8 am on Tuesday, Moscow time. Instead of reaching the cybercriminal gang's websites, visitors were shown the error “A server with the specified hostname could not be found”. The cause of the shutdown of REvil's cybercrime websites is currently unknown.

John Hultquist of Mandiant Threat Intelligence explained, “REvil’s darknet (.onion) and clearnet (decoder.re) websites are offline, and although we have no visibility into exactly how their darknet sites have been taken down, their clearnet site’s domain has simply ceased resolving to an IP address and its dedicated name servers are still online”.

The achievements of the REvil cybercriminal gang in their cybercrime career 

Since they began their activity in 2019, the Russian-speaking REvil gang, also known as Sodinokibi, has been responsible for over 42% of all recent ransomware attacks. They recently made a name for themselves across the globe by carrying out two big cyberattacks.

The first is the attack on meat producer JBS, which forced the company to pay them an $11 million ransom. The second and most recent one, the Kaseya attack, which expanded to thousands of enterprises globally, demonstrated their power and ingenuity while also showing how inadequate cybersecurity standards and implementations in corporations' systems are.

They felt so powerful that they declared they were not afraid of the cybersecurity focus of the United States and would attack even more targets in the United States. It's not yet clear if the Russian government pressured them to stop their hacking operation, or if they want to get out of the cybercrime life because they've made enough money.