Notorious REvil Black Hat Hacking Group Mysteriously Goes Offline After Kaseya Attack
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term.
Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly put cybersecurity as a priority.
Less than a day ago, BleepingComputer’s Lawrence Abrams reported on Twitter that all REvil sites were down, “including the payment sites and data leak site,” which has since been confirmed. Further, the purported spokesperson for REvil, Unknown, was incredibly silent up until the account was banned from popular Russian-speaking hacking forum XSS.
Initially, people believed that this was just part of the ebb and flow of hacking groups as sites would go offline and return elsewhere. This would be partly because of the "business" these groups run, leading web hosts to be wary of keeping these ransomware websites online. However, the consensus began to pivot when more REvil infrastructure went offline, and there was silence from the group.
Abrams further reported that a representative for LockBit ransomware claimed that the authorities went after one of REvil’s servers which was then erased. However, it is still unknown who is behind this if the report is accurate. At present, U.S law enforcement agencies have not commented on the situation, but the operation may still be ongoing, and thus they cannot. Alternatively, REVil did have one of its servers seized and has since gone underground to avoid the law. This could also mean that we will see REvil return as a rebranded group, as has happened in the past with other groups.
If REVil disappearing was the work of the United States or potentially Russian law enforcement, hopefully, we will have clarification soon. Otherwise, it is likely things will remain quiet until REvil, or a reformed-REvil appears online again. We will have to wait and see, so keep an eye on HotHardware for this developing situation.