US officials have said the Kremlin could shut down hacker groups like REvil, but tolerate or even encourage them as long as their targets are outside of Russia.
In July, following President Biden’s ultimatum, REvil went offline, fueling speculation about whether the Kremlin had ordered the group to shut down, whether the United States or its allies had managed to disrupt its operations, or whether the group itself had decided to go underground, worried that the heat had become too intense.
Two months later, however, it resurfaced, re-activating a portal that victims use to make payments. In October, it was again temporarily forced offline by a counter-attack by the governments of several countries, including the United States.
REvil, short for “ransomware evil”, is one of the most infamous ransomware hacking groups that US law enforcement has been pursuing. Ransomware groups break into a victim’s computer systems and encrypt the data, effectively locking out the owners and extorting them for money — sometimes millions of dollars, paid in cryptocurrency — in exchange for reversing the encryption.
US intelligence agencies have identified REvil as responsible for the attack on one of America’s largest beef producers, JBS, last June, which forced nine beef factories to close. In the end, JBS said it had paid a ransom of $11 million in Bitcoin. The operator of the Colonial Pipeline paid nearly $5 million in Bitcoin.
REvil also took credit for what was described in July as the largest ransomware hack ever, affecting up to 1,500 companies worldwide.
The organization boasted of its attacks on its site – called “Happy Blog” – on the dark web, where it listed some of its victims and revenue from its digital extortion schemes.