The websites run on the dark web by the cybercriminal group REvil, responsible for a massive ransomware attack that has affected hundreds of companies around the world in recent days, suddenly became inaccessible on Tuesday, according to several cybersecurity experts. The incident comes after US President Joe Biden suggested last Friday that his country could crack down on attacks carried out from Russian servers.
The cybercriminal group, also known as Sodinokibi, had collected tens of millions of dollars in ransom payments in exchange for restoring sabotaged computer systems, Reuters reported. The attack began on July 2, when the hackers infiltrated technology company Kaseya, which provides network management services, and used its systems to spread the malicious program. The malware has since reached between 800 and 1,500 companies, mostly in the United States. Ransomware is a kind of malicious software that restricts access to a computer system until a ransom is paid.
The New York Times lays out three hypotheses for the sudden disappearance of REvil's pages. The first is that President Biden ordered US Cyber Command, which works with agencies such as the FBI, to take down the cybercriminal group's pages. The second is that the blackout of the websites was ordered by Russian President Vladimir Putin as a gesture after Biden's warnings, on the eve of a bilateral commission to discuss cyberattacks. The third is that the criminal group itself decided to temporarily erase itself from the internet so as not to get caught in the crossfire between the two presidents. This is what DarkSide, another Russia-based group, did after its attack on the Colonial Pipeline, which paralyzed much of the fuel supply on the US east coast last May.
Kurtis Minder, founder of the cybersecurity firm GroupSense, said that if the blackout of the pages was due to an action by the United States, it would raise some worrisome questions. "If it was an organized cyber offensive, I hope they have considered the possible collateral damage," he said in statements quoted by Reuters. Cybercriminals hold the keys to their victims' encrypted data, and if those keys have been lost or destroyed, "many companies will have a hard time recovering."
"There are indications that REvil was the victim of the planned dismantling of its infrastructure, either by the operators themselves, or by the industry, or by the authorities," said John Hultquist, of the threat intelligence company Mandiant, in a message to AFP. A recent report from IBM Security X-Force identified Sodinokibi as the most powerful ransomware group in the world, attributing 29% of such attacks in 2020 to it.