A group of government agencies have gone on the offensive against the REvil ransomware gang.
REvil is one of the most notorious and prolific ransomware gangs. The gang is responsible for the Kaseya attack, believed to be the largest ransomware attack in history. REvil was also behind the JBS Foods attack, and its associates were responsible for the Colonial Pipeline attack. The group went dark shortly after the Kaseya hack, before reappearing some time later.
According to Reuters, a group of US agencies, in cooperation with other countries, have hacked REvil, significantly disrupting its operations.
“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” said Tom Kellermann, VMware head of cybersecurity strategy and adviser to the U.S. Secret Service. “REvil was top of the list.”
One of REvil’s leaders, “0_neday,” confirmed the group had been attacked.
“The server was compromised, and they were looking for me,” 0_neday wrote on a cybercrime forum. “Good luck, everyone; I’m off.”
Reuters reports that 0_neday is notable as one of the individuals who helped the group resume operations after the Kaseya attack, and who inadvertently led to its latest demise. Following the Kaseya attack, law enforcement was able to obtain a decryption key and gain access to some of the group’s servers. After REvil’s websites went offline, 0_neday evidently restored the websites from backups, unaware that the backups had been taken after the group’s servers were already compromised. Restoring from those backups brought the compromised state back with them, which once again opened the door for law enforcement to mount their offensive.
It’s too soon to know if REvil has been dealt a fatal blow, but the disruption is certain to be a welcome respite.