Following multiple high-profile attacks from the Russian-linked hacking group REvil, US President Joe Biden warned Russian President Vladimir Putin to act against hackers in his country. Photo: AFP

Russian-linked hacking group REvil disappears from dark web after Biden warning

  • Web pages and payment portals for the group behind high-profile attacks on JBS and Kaseya have disappeared, but it’s unclear if law enforcement was involved
  • The outage comes days after US President Joe Biden warned Russian President Vladimir Putin to act against hackers in his country
The Russia-linked ransomware gang REvil has seemingly vanished from the dark web, where it maintains several pages documenting its activities including one called the “happy blog”.

It’s not yet known if the sites were down temporarily or if the group – or law enforcement – took its websites offline.

“It’s too early to tell, but I’ve never seen ALL of their infrastructure offline like this,” said Allan Liska, senior threat analyst at cybersecurity firm Recorded Future Inc, in a text message. “I can’t find any of their infrastructure online. Their extortion page is gone, all of their payment portals are offline, as is their chat function.” Liska said the websites went offline around 1am Eastern Time.

The sudden outage comes just days after President Joe Biden said he pressed Russian President Vladimir Putin to act against hackers in his country blamed for recent ransomware attacks.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect him to act,” Biden told reporters.

Representatives from the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the White House didn’t immediately respond to a request for comment. Kremlin spokesman Dmitry Peskov declined to comment, saying he wasn’t aware of the outage.

On Monday, Peskov said Russia is awaiting detailed information from the US on alleged cyberattacks conducted from Russian territory. “You say that hackers attacked some companies on US territory from the territory of Russia, but at a minimum, you need to give some information about what the basis for those conclusions is,” he said. The White House has said it has shared information about criminal hackers with the Russian government.

REvil, which is suspected by cybersecurity firms and the US government of operating out of Russia, was accused of being behind an attack on giant meat supplier JBS SA, which eventually paid the group US$11 million ransom.
More recently, the group embarked on a wide-scale ransomware attack, which affected hundreds of companies globally. The hackers targeted software company Kaseya Ltd and its customers.

The Biden administration has made combating criminal hacking groups a top national security priority amid a sharp increase in ransomware attacks. DarkSide, the suspected Russian group accused of the ransomware attack on Colonial Pipeline Co, shut down its dark web pages afterward. It’s unclear if the group actually retired, or rebranded under a new name, according to cybersecurity experts.
