The malicious cyber group REvil, one of the most famous attack groups in the world and the group behind a series of ransomware attacks against leading companies, has resumed its activities after dropping off the radar about two months ago. Bleeping Computer’s website reported that the group had posted stolen data files to a data leak site on the dark web in the past few days.
REvil, which is behind cyberattacks like the one against the giant meat supplier JBS, shut down after a massive attack in July against Kaseya’s systems, which deal with remote computer management; around 1,500 companies in dozens of countries were hit. The group asked for a $50 million ransom, which Kaseya did not pay. Ultimately, the group provided the decryption keys and, as mentioned, disappeared from the dark web.
The members of the group are Russian-speaking, and according to one prevailing theory, they operate from Russian territory, possibly with the Russian government cooperating or turning a blind eye. After the attack on Kaseya, US President Joe Biden spoke to his Russian counterpart Vladimir Putin and urged him to take measures to stop the activities of hackers operating from Russian territory. A month earlier, the two had met for the first time since Biden took office as president and discussed cyber issues in detail. Biden accused Putin of being lenient toward the malicious groups and promised an American response to any attack.
After the group’s activities ceased, cyber researchers raised the possibility that there had indeed been action by Russia, or perhaps the Americans, to stop them. In an interview with the Politico website, a senior American official who spoke on condition of anonymity claimed: “We have certainly noticed that (REvil) has ceased operations. We do not know exactly why.” When asked if Russia was behind it, he replied: “It is possible, I think. Again, we do not know exactly why they resigned.” After the resumption of activities became known last Thursday, the US “cyber tsar”, National Cyber Director Chris Inglis, said it was too early to know for sure whether the Russian ransomware groups had stopped attacking American targets.