Ransomware Giant REvil Disappears From Internet For Reasons Still Unknown

July 14, 2021

By a Biometrica staffer

Multiple news sites began reporting on Tuesday, July 13, that REvil, the Russia-based group responsible for one of the largest ransomware attacks in history, had gone dark. There is as yet no indication of why the group went offline, or whether the move was engineered by law enforcement.

REvil was pinpointed as the organization behind the attack early in July on Kaseya, a prominent company in the supply chain and IT infrastructure spaces. That attack incapacitated over 1,500 businesses worldwide. The group was also behind the strike in May against the U.S.’ largest meat-packing plant, JBS.

Several high-profile ransomware attacks have gained public attention recently, especially the incident in April when hackers shut down Colonial Pipeline, the nation’s largest fuel-supplying pipeline, causing widespread shortages in the southeast United States. This prompted President Joe Biden to issue an executive order prioritizing the threat posed by cybercrime and directing his administration to develop better infrastructure to combat that danger.

According to intelligence officials, a large number of the recent attacks apparently have ties to Russia or Eastern European countries. Since the Kaseya attack, the pressure on President Biden has been ramping up, amid calls for his administration to take a firmer stance and more decisive action against Russian involvement in these attacks. As recently as Friday, July 9, President Biden warned Russian premier Vladimir Putin that if he does not take steps to curb such activities in Russia, the U.S. has the right to retaliate and “defend its people and critical infrastructure from attacks.”

When approached by the press regarding REvil’s apparent disappearance, the White House and Pentagon declined to comment. Experts say it is too early to speculate on the motivating factors behind the takedown or even whether it is permanent. They say it is possible that the recent attention on REvil has prompted the criminal organization to switch its methodology and rebrand before popping up again.

Security firm Chainalysis says that in 2020 alone, criminals earned around $350 million from ransom payments — an increase of 311% over a year. Similarly, Palo Alto Networks says that the average ransom paid in such attacks rose 171%. Another study found that the toll taken by cybercrimes (including online payment fraud schemes, ransomware attacks, and cryptocurrency scams) on organizations amounts to roughly $1.79 million lost every minute, with around 650 cyberthreats made every 60 seconds.

Some national security experts opine that cybercrime is escalating to the level of being a serious national security threat — the next frontier in global conflict. Indeed, in June, FBI Director Christopher Wray said that the increasingly commonplace ransomware attacks witnessed by the U.S. pose a serious defense challenge and bear similarities to 9/11.

In a similar vein, the Secretary General of INTERPOL on Monday, July 12, called for police and private entities to come together to stall what he termed a “potential ransomware pandemic.” At a high-level forum organized by the agency, Jürgen Stock said that, to be truly effective in combating ransomware attacks, all stakeholders need to collaborate in a manner similar to how the world handles terrorism, human trafficking, and organized crime.

“Despite the severity of their crimes, ransomware criminals are continuously adapting their tactics, operating free of borders and with near impunity,” said Secretary General Stock. He added, “Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action.”