‘United States takes REvil group offline together with other countries’ – Computer – News

The United States, together with other countries, took ransomware group REvil offline in a hack attack. The FBI, the Secret Service and the United States Department of Defense, among others, participated in the attack. A REvil member has confirmed the attack.

Reuters writes about the attack from multiple sources inside and outside the US government. According to the sources, the US and other countries forced the ransomware group offline earlier this week. The Happy Blog website, where REvil leaks data from hacked companies and blackmails companies, would no longer be accessible.

The US previously gained access to REvil’s network infrastructure, taking control of at least some of its servers. In this earlier attack did the FBI gain access to the decryptor for the group’s ransomware. The FBI received this information in early July, but did not disclose it until late September. At the beginning of July, the service was already working on an operation to take REvil offline, but stopped when REvil suddenly went offline in mid-July.

Last month, REvil’s servers went back online and resumed their hacking activities. However, this reboot also used servers that had already been taken over by the FBI, the sources told the news agency. Thus, the US and the unnamed other countries could continue with their operation to take REvil offline. According to one of the sources, the mission against REvil is still ongoing. REvil member 0_neday said last weekend that REvil’s server has been compromised and the attackers are looking for him or her.

REvil is mainly known for the attack on software supplier Kaseya. This company makes software for companies that provide ICT management to smaller organizations. Through the attack on Kaseya, the company managed to infect at least a thousand other companies. Tweakers wrote a background article earlier about the attack on Kaseya.

–