14 July 2021

Hacker group blamed for recent Kaseya ransomware attack goes dark

Websites on the dark web used by the notorious Russia-linked REvil ransomware group, believed to be behind a series of ransomware attacks on hundreds of organizations and businesses worldwide, including the US software vendor Kaseya and the world’s largest meat processor JBS, have gone offline.

The group’s public website and a payment website became unavailable on Tuesday morning. The reason behind the websites’ disappearance is not clear; however, some speculation suggests that REvil, also known as Sodinokibi, may have been targeted by authorities.

“The situation is still unfolding, but evidence suggests REvil has suffered a planned, concurrent takedown of their infrastructure, either by the operators themselves or via industry or law enforcement action,” John Hultquist of Mandiant Threat Intelligence told CNBC.

“If this was a disruption operation of some kind, full details may never come to light,” he added.

According to Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, all REvil’s command and control infrastructure also went offline, and the group’s public spokesperson, who is known online as “Unknown,” “hasn’t been active on message boards since last Thursday.”

The news comes less than a week after President Joe Biden strongly urged Russian President Vladimir Putin to take further action against ransomware groups based in Russia.

Biden was later asked if it made sense for the U.S. to attack the servers used by the attackers, and he responded, "yes."

This is not the first time in recent months that a ransomware operation has gone dark. In May, the DarkSide hacking group, also linked to Russia, shut down its operations after the FBI blamed the group for the ransomware attack on the US fuel pipeline operator Colonial Pipeline, which caused gas shortages in several states.
