The REvil gang is one of the leading cybercrime organizations and has repeatedly attracted attention with spectacular coups. Only in June, they extorted 11 million in ransom, paid in Bitcoin, from the world’s largest meat company, JBS. In the last few weeks they hijacked the data of over a thousand companies with a supply chain attack via the Kaseya VSA management software, demanding 70 million. And suddenly there is radio silence.
Neither the “Happy Blog”, the Tor onion site through which the blackmailers spread their messages and stolen data, nor the payment infrastructure is accessible any longer. From one day to the next, without further comment. The gang member “Unknown”, who was active in various forums, maintained contacts with the press and even gave interviews, has also fallen silent. There is a lot of speculation, but ultimately nobody really knows what happened.
From president to president
US President Biden had previously urged Russian President Putin to take more consistent action against cybercrime and, in particular, against REvil. At the same time, he made it clear that the US would take “any necessary measure” to protect itself. So it may well be that Russian law enforcement increased the pressure, or that American authorities flexed their cyber muscles to cripple REvil’s infrastructure. Or both.
The most likely explanation is that things got too hot for the criminals in the face of increasing pressure and that they are taking a break – a summer vacation, so to speak, to enjoy their loot of millions in peace. Something similar happened in May, when the DarkSide gang suddenly disappeared after causing international tensions with its attack on Colonial Pipeline.
Russian cyber mafia
Cybercrime experts locate both gangs in the Russian sphere of influence, even if they consider direct state control, as is assumed for groups like Fancy Bear, to be rather unlikely. REvil and DarkSide are more likely mafia-like organized crime which, however, benefits from good connections and thus a certain degree of protection in the CIS countries.
However, it is more than unlikely that the danger posed by REvil is over just because it has disappeared. The gang allegedly retired in 2019 after raising millions with the GandCrab ransomware, only to reappear a little later in a new formation with the new REvil software.