Websites for the Russia-based REvil ransomware gang, both on the dark web and the normal web, have gone offline.
All of REvil online presence, including its ransom negotiating portal, the website where it shares exfiltrated data, and a blog it used to boast about its latest exploits, have all been knocked offline.
According to cybersecurity experts, most other threat actors have a tendency to occasionally cycle the connectivity of their online infrastructure. However, the comprehensive shutdown does seem unusual and is perhaps the result of action by law enforcement agencies.
- These are the best ransomware protection tools
- Here's our choice of the best malware removal software on the market
- We've put together a list of the best endpoint protection software
Government action?
REvil has been behind some of the most extravagant ransomware operations of late including the one against managed service providers (MSP) by exploiting a vulnerability in the Kaseya VSA remote management software to infect thousands of computers around the world.
Action against Russia-based threat actors, such as REvil, featured prominently in the recent US-Russian Presidential talks in Geneva.
The BBC adds that US President Joe Biden said he raised the issue with his Russian counterpart, Vladimir Putin, again during a phone call last week, telling reporters that he "made it very clear to him...we expect them to act" against the threat actors while hinting that the US could take matters in its own hands if Russia fails to act.
The timing of the outage has sparked speculation that it could be the result of either the US or Russian officials tightening the noose around REvil, though there has been no official statement from any of the parties involved.
- Protect your devices with these best antivirus software
Via BBC
