Massive Russian Ransomware Operation Goes Offline

Prolific hacking group REvil appears to be offline, after months of active ransomware attacks on US companies.

One of Russia’s most notorious hacking organizations, REvil, has suddenly gone offline, just days after President Biden spoke with Russian President Vladimir Putin to raise concerns about the cyber crime last week.

The group, believed to be behind some of the largest ransomware scams in US history, runs several blogs and a payment website which are no longer reachable.

Speculation is rife that the disappearance of these sites is due to government intervention, possibly either from Russia or the US, but no official statement has been made by either party.

REvil Goes Dark

The blogs and payment site for cybergang REvil went down on Tuesday, suddenly and without any prior indication. The group primarily deals in ransomware scams, and was accused by the FBI of being behind the massive attack on meat processing company JBS, last month.

The official reason for the takedown is still unclear, but there is speculation that authorities may have intervened. President Biden hosted a phone call with Putin last Friday in which he discussed the increasing attacks on US businesses from Russian-based hacking groups. In the hour-long call, Biden told Putin that the country would take ‘any necessary action’ to halt hacking attempts that stem from Russia:

‘I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is.’ – President Joe Biden

Whether either side has acted against the REvil group this week is unclear, but the timing of the group going offline is certainly interesting, just days after Biden said he was ‘optimistic’ that action would be taken against their like.

Who are REvil?

The group known as REvil is a hacking organization that is likely Russian based, according to research by the FBI, and the fact that it never targets Russia itself.

REvil specializes in ransomware, a scam in which an individual’s or organization’s computer systems are infiltrated and locked until payment is provided. Failure to do so runs the risk of the exposure of sensitive company data. The group tends to target huge corporations, requesting payments of millions of dollars each time.

In the past, the group has been responsible for some of the biggest attacks the US has seen, such as the JBS ransomware attack in May, which saw the meat processing firm pay out $11 million in Bitcoin to the organization.  At the start of July, Kaseya desktop software was targeted by REvil, leading to a ransom demand of $70 million, and causing havoc for companies worldwide.

We may never know the real reason why REvil appears to have been taken offline, but if it has gone for good, it is certainly one less thorn in the side for US government and businesses. However, REvil is far from the only massive ransomware operation out there, and the threat will never truly disappear while it remains profitable.

Safeguarding Businesses from Hackers

The pandemic has proven to be lucrative time for hackers, with cases on the rise over the past year. With more of us working from home, company tech infrastructures have had many weak points, which have been preyed on by hackers.  According to one report, the average cost of a data breach is $21,659, with 5% of successful attacks costing businesses $1 million or more.

According to the same report, by far the most successful path for hackers is via human error. 85% of hacks occur through defrauding humans, whether it’s through phishing scams, or convincing a user to install a dangerous application.

There are tools that businesses can use to minimize the risk to their staff, and company. These include anti-virus software, naturally, which can capture harmful files before they even get the chance to be opened. Then there’s remote access software, providing a secure way for remote workers to access their work platform. Another tool we highly recommend at is password managers. These can create robust, tough to break passwords for users, as well as alerting them should any passwords be breached.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Jack is the Deputy Editor for He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals