As reported by ZDNet, some security researchers believe the group may have taken their own websites down, either because of internal squabbles or fear over increased law enforcement scrutiny, while others think it may be the result of official actions taken by government agencies.
Allan Liska, a ransomware expert and CSIRT member at Recorded Future, said that the REvil websites went offline on July 13th at approximately 01:00 AM EST, which is 08:00 AM Moscow time.
So far, the FBI has declined to comment regarding the shutdown of REvil’s servers.
Two weeks ago, we reported that another supply chain vulnerability was successfully exploited by the REvil ransomware gang in order to target thousands of businesses through the initially infected host. The entry point was the Managed Service Provider (MSP) Kaseya VSA, a cloud-based platform that allows its customers to perform patch management and client monitoring.
This led to the most significant ransomware attack in history. The data of 60 customers, plus that of around 1,500 downstream businesses, has been impacted by the attack.
REvil initially decided that the price for decrypting all systems would be $70 million in Bitcoin in exchange for the tool that allows all affected businesses to recover their files, but later dropped the ransom to $50 million.
So far, it’s not clear whether REvil shut down its servers for technical reasons, whether the gang shut down its operation, or whether a Russian or U.S. law enforcement operation took place.
Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.