The REvil cyber ransomware gang is being taken really seriously

By: Yuriy Stanislavskiy | 22.10.2021, 13:02

Three private sector cyber experts working with U.S. authorities and a former official say the REvil ransomware group was hacked and taken offline this week in a joint operation by intelligence agencies from several countries.

Former partners and associates of the Russian-led criminal group are responsible for the cyberattack on the Colonial Pipeline in May that led to widespread gas shortages on the U.S. East Coast. Also among the immediate victims of REvil is JBS, a major meat producer. The crime group's "Happy Blog" website, which was used to leak victims' data and extort companies, is no longer available.

Officials said the attack on Colonial used encryption software called DarkSide, which was developed by the REvil group. Tom Kellermann, head of cybersecurity strategy at VMWare, said law enforcement and intelligence officials prevented other companies from falling victim to the gang.

The leader of the gang, known as "0_neday," who helped reactivate the group after a previous shutdown, said REvil's servers were hacked by an unnamed party.

"The server was hacked and they were looking for me," 0_neday wrote on a cybercrime forum last weekend. "Good luck everyone; I'm out."

Efforts by the US government to stop REvil, one of the worst of dozens of ransomware gangs that, along with hackers, infiltrate and paralyze companies around the world, intensified after the group hacked US software management company Kaseya in July.

That hack opened up access to hundreds of Kaseya customers at once, leading to numerous emergency cyber incident response calls.

Source: reuters