Ransomware Group REvil Goes Dark

Published · Jul 20, 2021

Internet monitors have confirmed that websites run by the ransomware group REvil have gone offline. This includes a payment website used to extract ransoms and a blog for posting updates and instructions.

The pages became unreachable on July 13. The group's apparent disappearance comes after growing pressure from the US on Russia to tighten cybersecurity. That pressure, in turn, is a response to an attack REvil carried out over the 4th of July weekend.

Since the group operates in Russian, it is speculated that it is based in the country. With the Russian government stepping up control of its cyberspace, some speculate that it was the Russian government that reined in REvil.

Others think the US government could somehow be responsible, as it gathers strength to tackle cybercrime. Just this year, a ransomware attack caused a state of emergency in several US states.

Cybersecurity experts believe REvil is an offshoot of a defunct hacking organization known as GandCrab. This is due to the fact that REvil became active soon after GandCrab disappeared and the two groups’ ransomware shares a lot of code.

If that’s the case, REvil or some of its members could resurface as a hacking organization under a new name.

Ransomware-as-a-service, where groups like REvil provide the code and affiliates spread it for a cut of the ransom, is extremely lucrative. For example, a ransom of $70,000,000 in Bitcoin was demanded in the 4th of July weekend attack.

Of course, some of the affected organizations are working to decrypt their data without paying the ransom, or to recover from regular backups. With the payment sites down, however, it is uncertain what the outcome will be.

Garan van Rensburg

Garan is a writer interested in how tech reshapes the environment, and how the environment reshapes tech. You'll usually find him inoculating against future shock and arguing with bots.