One of Russia's most notorious hacking organizations, REvil, has suddenly gone offline, just days after President Biden spoke with Russian President Vladimir Putin last week to raise concerns about cyber crime.
The group, believed to be behind some of the largest ransomware scams in US history, runs several blogs and a payment website which are no longer reachable.
Speculation is rife that the disappearance of these sites is due to government intervention, possibly either from Russia or the US, but no official statement has been made by either party.
REvil Goes Dark
The blogs and payment site for cybergang REvil went down on Tuesday, suddenly and without any prior indication. The group primarily deals in ransomware scams, and was accused by the FBI of being behind the massive attack on meat processing company JBS last month.
The official reason for the takedown is still unclear, but there is speculation that authorities may have intervened. President Biden hosted a phone call with Putin last Friday in which he discussed the increasing attacks on US businesses from Russian-based hacking groups. In the hour-long call, Biden told Putin that the country would take ‘any necessary action’ to halt hacking attempts that stem from Russia:
‘I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it's not sponsored by the state, we expect them to act if we give them enough information to act on who that is.’ – President Joe Biden
Whether either side has acted against the REvil group this week is unclear, but the timing of the group going offline is certainly interesting, coming just days after Biden said he was ‘optimistic’ that action would be taken against groups like it.
Who are REvil?
The group known as REvil is a hacking organization that is likely Russian-based, according to research by the FBI and the fact that it never targets Russia itself.
REvil specializes in ransomware, a scam in which an individual's or organization's computer systems are infiltrated and locked until payment is provided. Failure to pay runs the risk of sensitive company data being exposed. The group tends to target huge corporations, requesting payments of millions of dollars each time.
In the past, the group has been responsible for some of the biggest attacks the US has seen, such as the JBS ransomware attack in May, which saw the meat processing firm pay out $11 million in Bitcoin to the organization. At the start of July, Kaseya desktop software was targeted by REvil, leading to a ransom demand of $70 million, and causing havoc for companies worldwide.
We may never know the real reason why REvil appears to have been taken offline, but if it has gone for good, it is certainly one less thorn in the side of the US government and businesses. However, REvil is far from the only massive ransomware operation out there, and the threat will never truly disappear while it remains profitable.
Safeguarding Businesses from Hackers
The pandemic has proven to be a lucrative time for hackers, with cases on the rise over the past year. With more of us working from home, company tech infrastructures have had many weak points, which hackers have preyed on. According to one report, the average cost of a data breach is $21,659, with 5% of successful attacks costing businesses $1 million or more.
According to the same report, by far the most successful path for hackers is via human error. 85% of hacks occur through defrauding humans, whether it's through phishing scams, or convincing a user to install a dangerous application.
There are tools that businesses can use to minimize the risk to their staff and company. These include anti-virus software, naturally, which can capture harmful files before they even get the chance to be opened. Then there's remote access software, providing a secure way for remote workers to access their work platform. Another tool we highly recommend at Tech.co is a password manager. These can create robust, tough-to-break passwords for users, as well as alerting them should any passwords be breached.