Suspected Russian ransomware group REvil mysteriously went dark this week as cybercrime discussions between the US and the Kremlin reached boiling point.
Dark web pages belonging to the group disappeared on Tuesday, and while it’s not yet clear why or who’s responsible, the takedown comes hot on the heels of a number of high profile and lucrative attacks on US-based organisations.
As noted by CNBC, one site belonging to the group showed the message: “A server with the specified hostname could not be found.”
Biden putting Putin under pressure
Discussions between US President Joe Biden and Russian leader Vladimir Putin have been heating up after several large-scale ransomware attacks linked to the group.
- On July 2, REvil demanded $70 million after a cyber-attack on Miami-based software group Kaseya.
- Last Friday, Biden told Putin that the US was ready to take “any necessary action” to defend against cyberattacks.
- By Tuesday, several websites belonging to the group were offline.
One unnamed hacker apparently linked to REvil told the BBC US authorities managed to dismantle parts of their dark web sites and REvil shut down the rest.
The source also hints at Kremlin involvement, saying: “Russia is tired of the US and other countries crying to them.”
Nobody’s holding their hands up
According to the TASS news agency, the Putin administration didn’t deny that they were behind REvil’s tech issues at a press conference on Wednesday.
When asked who was responsible, press secretary Dmitry Peskov said: “I can’t answer your question because I don’t have that kind of information. I don’t know which group, where it disappeared from.”
No word yet from the White House, although Peskov conceded the two administrations are collaborating to tackle the wider ransomware issue.
“Yes, the process of bilateral consultations on this topic has begun,” he said (via TASS).
However, in a briefing on Wednesday, deputy national security adviser for cyber and emerging technology Anne Neuberger told Senators that the White House is gearing up to announce a government-backed ransomware task force.
Speaking to Politico an anonymous Senate aide said the ransomware taskforce is expected to launch defensive cyberattacks on bad actors, adding that it is also developing ways of stopping cryptocurrency payments to hackers.