Tuesday, July 13, 2021

"The world’s biggest ransomware gang just disappeared from the internet"

From MIT's Technology Review, July 13:

The shutdown comes one day before US and Russian officials meet to talk about the ransomware crisis.

One of the most prolific ransomware gangs in the world suddenly disappeared from the internet on Tuesday morning. The unexplained exodus comes just one day before senior officials from the White House and Russia are scheduled to meet to discuss the global ransomware crisis.

The ransomware crew known as REvil has existed for years in the booming cybercrime underground. A whopping 42% of all recent ransomware attacks trace back to this gang, but they're known for two hacks in particular. Earlier this month, the gang hit at least 1,000 businesses by attacking the software company Kaseya. It was one of the widest ransomware campaigns ever conducted. And last month, REvil hit the meat supplier JBS and demanded payment of $11 million. Even as world leaders turned their attention to ransomware and threatened action, REvil was defiant—until now.

“It’s a bit of a mess as we scramble to figure out what’s happening,” says Allan Liska, senior threat analyst at the security firm Recorded Future. “We’re cautiously optimistic that one of the biggest gangs out there is done.”

There are a few possible explanations for what caused today’s shutdown. First, the gang itself may have chosen to retire if they’ve made enough money or felt too much pressure. The United States or its allies may have successfully taken them offline. Or the Russian government, under international scrutiny, may have forced them to shut down. Their disappearance could also be temporary—many cybercriminals pretend to "retire" before eventually reappearing under new identities.

“We recommend not jumping to any immediate conclusions as it’s early, but REvil is, indeed, one of the most ruthless and creative ransomware gangs we’ve ever seen,” says Ekram Ahmed, a spokesperson at Check Point Software.

The answer is unclear and the broader problem of ransomware still looms large.

“I don't know what this means, but regardless, I'm happy!” tweeted Katie Nickels, director of intelligence at the US firm Red Canary. “If it's a government takedown - awesome, they're taking action. If the actors voluntarily went quiet - excellent, maybe they're scared. It's still important to remember that this doesn't solve ransomware.”....

....MUCH MORE

Recently:
"US companies hit by 'colossal' cyber-attack"
"How to Negotiate with Ransomware Hackers"
I haven't mentioned Arkady Katkov in a while; his story after the jump....

"Money-go-round: The booming cottage industry behind ransomware"

"CNA Financial reportedly paid $40 million to resolve a ransomware attack"
....The company fell victim to Phoenix Locker, an offshoot of the Hades ransomware created by infamous Russian cybercrime operation Evil Corp. Some security researchers believe Evil Corp is also behind WastedLocker, the malware linked to last year's Garmin ransomware attack. In 2019, the US Treasury Department sanctioned the group for its activities. It's unclear if Phoenix, the group behind the CNA attack, is affiliated with Evil Corp....
"DarkSide Ransomware has Netted Over $90 million in Bitcoin" (Colonial Pipeline et al.)
"Chemical distributor pays $4.4 million to DarkSide ransomware"
Meanwhile, At Colonial Pipeline: Job Opening, Manager Cyber Security