REvil ransomware group busted in raids, says Russia
US officials have said the Kremlin may shut down hacker groups like REvil, but tolerate or even encourage them, as long as their targets are outside of Russia.
In July, following President Biden’s ultimatum, REvil went offline, fueling speculation as to whether the Kremlin had ordered the group to shut down, whether the United States or its allies had succeeded in disrupting its operations, or whether the group itself had decided to go into hiding, fearing that the heat had become too intense.
However, it resurfaced two months later, reactivating the portal used by victims to make payments. In October it was again forced offline, temporarily, by an operation against the group’s infrastructure mounted by the governments of several countries, including the United States.
REvil, short for “Ransomware Evil”, has been one of the most notorious ransomware groups wanted by US law enforcement. Ransomware groups break into a victim’s computer systems and encrypt its data, effectively locking out the owners, and then extort money – sometimes millions of dollars, paid in cryptocurrency – in exchange for the key needed to reverse the encryption.
US intelligence agencies have identified REvil as responsible for the attack last June on JBS, one of the largest US beef producers, which forced the closure of nine beef plants. JBS later said it paid a ransom of $11 million in Bitcoin. In a separate attack, the Colonial Pipeline operator paid nearly $5 million in Bitcoin.
REvil also took credit for what was described as the biggest ransomware attack ever, in July, which affected up to 1,500 businesses worldwide.
The organization bragged about its attacks on its site – called “Happy Blog” – on the dark web, where it listed some of its victims and the earnings from its digital extortion schemes.