In a welcome move, sources have confirmed that the recent troubles plaguing the notorious REvil ransomware operator are the result of a concerted effort by various cybersecurity agencies.
Reuters credits REvil’s latest disappearance to the US based on insights shared by three private sector cyber experts working with US security agencies and one former official.
VMware’s head of cybersecurity strategy Tom Kellermann, an advisor to the US Secret Service on cybercrime investigations, noted that REvil was a high priority target for the law enforcement and intelligence agencies.
"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” Kellermann told Reuters.
Done and dusted
Earlier this week, REvil’s was forced to take down its online infrastructure, hosted on the dark web, in response to an unidentified party hijacking the gang’s domains.
The news of the hijack was shared by the gang’s official representative known as "0_neday," who reportedly was instrumental in restarting the group's operations after a similar shutdown earlier this year.
"The server was compromised, and they were looking for me," 0_neday wrote on a cybercrime forum.
REvil has been behind some of the most extravagant ransomware operations of late including the one against managed service providers (MSP) by exploiting a vulnerability in the Kaseya VSA remote management software to infect thousands of computers around the world.
Action against Russia-based threat actors, including REvil, featured prominently in the US-Russian Presidential talks in Geneva earlier this year.
US President Joe Biden has assured that cybersecurity is one of the top priorities for his administration. While his administration has announced several steps and measures to strengthen the cybersecurity posture, REvil’s take down is perhaps one of the boldest displays of its intent in its fight against ransomware.
