Notorious ransomware group 'REvil' was hacked and forced offline this week as part of a joint operation by multiple countries, including the United States. The group is said to be responsible for the cyber-attack on the Colonial Pipeline earlier this year. It has also been in the crosshairs of the FBI and US law-enforcement agencies for a while. Operations against the gang have been gaining steam. The Colonial Pipeline was hacked earlier this year in a major attack that forced the company to shut down all operations, creating a massive fuel shortage across vast parts of the United States, especially in the Southeast.

Believed to be aligned with Russian interests, REvil is one of the most notorious cyber-crime groups known to be working against the US and other Western nations. According to cyber-security experts, the group runs a private ransomware-as-a-service (RaaS) operation and is led primarily by Russia-based or at least Russian-speaking cyber-criminals. The group is also believed to be behind the hacking of the American software company Kaseya in July 2021, which caused widespread downtime for more than 1,000 companies worldwide.


Tom Kellermann, the head of security at VMware and an adviser to the US Secret Service on cyber-crime investigations, spoke to Reuters about the US government operation. He said that the FBI's action against REvil was undertaken "in conjunction with Cyber Command, the Secret Service and like-minded countries." According to him, REvil was at the top of the list of cyber-crime groups the US government has been working against in collaboration with its international partners. REvil has also seemingly confirmed the hack, with one of its alleged leadership figures, known online as "0_neday," saying that an unknown party has hacked the group's servers.

Operations Against REvil Escalated After The Kaseya Hack In July


According to sources quoted by Reuters, the FBI escalated operations against REvil after the aforementioned Kaseya hack earlier this year. Barely days after that attack, US cyber-security experts were able to hack into REvil's network infrastructure and obtain control of at least some of its servers, forcing the group's websites offline. The websites were reportedly restored last month as part of REvil's efforts to get back to its nefarious ways, but the restoration also allowed US law enforcement to restart its operations against the gang, culminating in the latest development.

The FBI declined to comment on the issue, as did a spokesperson for the White House National Security Council. However, the latter did confirm that the authorities are carrying out operations against ransomware groups in collaboration with the private sector and are "building an international coalition to hold countries who harbor ransom actors accountable."


Source: Reuters