The disappearance of REvil

The hacker group REvil, which recently made headlines with two major ransomware attacks, has abruptly disappeared from the internet. Among other things, the website through which REvil maintained contact with the victims of its attacks went offline on Tuesday, IT security experts reported. The reasons initially remained unclear. Experts believe the group is based in Russia.

Last week, after talks with Russian President Vladimir Putin, U.S. President Joe Biden threatened consequences if the government in Moscow did not take action against criminal hackers on its soil.

Attacks using extortion software – also known as ransomware – encrypt data on computers, and the hackers demand money for its release. REvil was most recently behind the attack on U.S. IT services provider Kaseya, which affected computers at dozens of customers, according to experts.

A few weeks earlier, REvil software paralyzed several plants of the world’s largest meat company, JBS – and collected $11 million (9.3 million euros) in cryptocurrency ransom from the company. In the Kaseya attack, the hackers demanded $70 million on their darknet website for a master key to all affected computers.

Now the REvil website is down and the server behind it appears to be off the grid, Sean Gallagher of IT security firm Sophos, among others, told industry service The Register. Security researcher Allan Liska of Recorded Future told financial news service Bloomberg that REvil’s entire infrastructure was offline.

Recently, the online presence of the hacking group DarkSide, likewise believed to be based in Russia, also disappeared. The hackers had extorted around $4.4 million in cryptocurrency with a cyberattack on an important American gasoline pipeline. However, a good half of it was seized by the U.S. Federal Bureau of Investigation (FBI) a short time later.