RIP REvil? Notorious Russian cyber group reportedly taken down by law enforcement officials

By Explorer -

In May, REvil attacked JBS and forced it to pay $11 million in ransom. The name REvil is an amalgam of the words Ransomware and Evil. REvil only provides RaaS (Ransomware as a service) and does not hack systems itself.
 

One of the world's most notorious ransomware gangs, REvil. has reportedly been taken down as part of a multi-nation security operation. The report also claims that law enforcement officials, cybersecurity experts from the US and other countries were behind taking control of the group's accounts.

Here's what happened:

Security expert Dmitry Smilyanets had earlier shared a post by a REvil operator in the XSS forum. 

The post, by the username '0_neday', describes what's been going on with the group. He said only two members in the REvil gang, himself and another user named 'Unknown', had the REvil's domain keys. But Unknown has been inactive since July leading them to believe that he had died. 

But someone mysteriously accessed the REvil domain using Unknown's credentials. 

0_neday also alleged that the person who had accessed the domain were looking for him. They even deleted the path to his hidden service and created a new one so that he would walk into it and get caught. 

The latest report confirms that the 'mysterious' access was by none other than law enforcement officials who later forced REvil's servers offline. 

There are claims that REvil is state-sponsored by Russia, but its actions suggest otherwise. 

Unlike state-sponsored groups, REvil is motivated by financial profits and flexing about the level of damage it can cause rather than slyly exfiltrating confidential data.

Deja Vu

Incidentally, the group was reported to have been hacked and taken offline by law enforcement officials in July this year after an hour-long phone call between US President with his Russian counterpart Vladimir Putin. But turns out, the group did make a comeback later as predicted by News9.

Also Read: Is REvil really gone?

But there is another theory to this. The REvil incident in July could've been orchestrated by law enforcement officials. 

"Its highly possible that the access to Revil servers were with the law enforcement since it went down in July," says TechniSanct CEO and Cybersecurity researcher Nandakishore Harikumar.
"We know that one of their guys is still active, If he is not arrested and servers and law enforcement officials don't go deep into the network, it is highly possible that the group would come back rebranded, as they have done before," he added. 

REvil attack timeline: 2021

Revil had been upgrading its tools recently and has carried out at least one major attack every month between March and July this year. 

In March this year, it attacked the Harris Foundation – affecting 37,000 students. The group also claimed to have attacked Acer in the same month. 

In April, the group claimed to have stolen plans about Apple's upcoming product launches from Quanta computer and demanded $50 million. 

In May, the same group attacked the world's largest meat processor JBS which ended up paying $11 million in ransom. Encryption software DarkSide allegedly developed by Revil, or its offshoot gang was also used in the Colonial Pipeline cyberattack that crippled gas supply in the U.S. East Coast. 

In June, American power generation and operations company Invenergy was attacked and REvil claimed responsibility for it. 

The biggest attack by the company was in July when it dropped its malware into hundreds of systems by infiltrating Kaseya desktop management software. 

Just a few days later, on July 7, the gang attacked the systems of American weapons technology contractor HX5 which deals with the US Army, Navy, Air Force and NASA.

What is REvil? How does it operate? 

REvil – an amalgam of Ransomware and Evil was the name under which a group of high-tech had been operating for the past couple of years. 

Contrary to popular belief, groups like REvil only provide RAAS (Ransomware as a service) and do not hack systems themselves. They develop malware and offer it to affiliates who do the dirty work of installing it on the victim's system. Think of it like a drug lord hiring local peddlers to do the groundwork but in this case, the affiliates take home 80% of the earnings while groups like REvil keep the remaining 20%. 

Source: https://www.news9live.com/technology/cyber-security/rip-revil-notorious-russian-cyber-group-reportedly-taken-down-by-law-enforcement-officials-128032

Comments

Post a Comment

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

By Explorer -
Image
Massive public protests taking place in Hong Kong over the past week are aimed at a new extradition law, known as the Fugitive Offenders Ordinance , that would see accused criminals extradited to mainland China to face prosecution. Hongkongers feel the law could be used to legalise the kidnapping of people who express views, and act in ways, that are not popular with the Chinese government . The same law could also be used to extradite tourists and visitors to China who are arrested on suspicion of having committed these crimes. Protesters want the bill scrapped. For now, debate of the legislation has been postponed . Organisers say one million people turned out for the protests, while police estimate the number was around 240,000. Either way, it was a significant number of Hong Kong’s 7.5 million population. Commentators on Twitter remarked on how well organised the protesters were. So, how did they do it? Protesters across the world are using n
Read more

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

By Explorer -
 According to a video of interrogation of "Hamas terrorists" released by Israel Security Agency Shin Bet, accessed exclusively by News18, "The Shifa hospital has been made with many considerations as Hamas knew that medical places won’t be attacked by the enemy. Equipment, explosives and other material has been kept there." Hamas is using hospitals in Gaza as covers and have turned them into ammunition depots, according to a video of interrogation of “Hamas terrorists" released by  Israel Security Agency  Shin Bet, accessed exclusively by News18. ALSO READ | Israel-Hamas War LIVE Updates  HERE The Israeli military has claimed that those featuring in the video released on Saturday are Hamas terrorists, who participated in the  October 7 attack  on Israel. “Most of the tunnels are hidden in hospitals. There are multiple underground levels. Al-Shifa Hospital is not small, it is a big place that can be used to hide things," a man is seen saying. “The Al-Shifa
Read more

Islam Has Massacred Over 669+ Million Non-Muslims Since 622AD

By Explorer -
Image
In fact, no ideology has been as genocidal as Islam… Islam has killed more than 5 times the number of people killed by communism. In the total numbers we have updated over 80 million Christians killed by Muslims in 500 years in the Balkan states, Hungary, Ukraine, Russia. Then we have India. The official estimate number of Muslim slaughters of Hindus is 80 million. However, Muslim historian Firistha (b. 1570) wrote (in either Tarikh-i Firishta or  the Gulshan-i Ibrahim) that Muslims slaughtered over 400 million Hindus up to the peak of Islamic rule of India, bringing the Hindu population down from 600 mil to 200 million at the time. With these new additions the Muslim genocide of non-Muslims since the birth of Mohammed would be  over 669 million murders. Islam: The Religion of Genocide Perspective:   Think the Spanish inquisition was bad? More people are killed by Islamists each year than in all 350 years of the Spanish Inquisition* combined. The Spanish inquisition ( Tribunal del Sant
Read more