Government Agents Compromise REvil Backups to Force Group Offline
The US authorities appear to have scored another win in their fight against ransomware by forcing the infamous REvil group offline. Experts have warned that there could be repercussions for former breach victims.
One former official and three private-sector cybersecurity experts confirmed to Reuters that an international operation was responsible for taking the group’s data leak site “Happy Blog” offline a few days ago.
Government specialists managed to compromise some of the group’s backups, so that when REvil restored its services following its outage in July, the restored infrastructure was already in the hands of law enforcement.
Although official sources declined to comment, the White House has been ramping up the pressure on ransomware actors since the Colonial Pipeline outage in May, an attack carried out by the REvil-linked DarkSide group.
REvil and its affiliates were responsible for the monumental supply chain attack on Kaseya and many others, amassing a fortune in the process.
Jake Williams, CTO at BreachQuest, said news of the REvil take-down has been circulating in closed threat intelligence