A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
The REvil ransomware gang is unhappy, with its Happy Blog leak site and Tor payment site pushed offline yet again, this time by a multi-country battering ram.
Relying on input from three private-sector cyber-experts working with the U.S. and one former official, Reuters reported on Thursday that the ransomware-as-a-service (RaaS) gang has been given a taste of its own medicine: Specifically, the “hackers” who took out REvil’s servers did it by compromising its backups.
VMware head of cybersecurity strategy Tom Kellermann told Reuters that those “hackers” were actually law enforcement and intelligence agencies from multiple countries: “The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations, said. “REvil was top of the list.”
REvil Didn’t Back Away From Its Own Backup
According to Reuters’ sources, last month, REvil operators restored operations from a backup that, it turns out, was under