Several REvil ransomware sites are down on the darkweb



Darkweb sites linked to the REvil ransomware gang were not working on Tuesday morning, CNBC confirmed.

It’s unclear what led to the shutdown of the ransomware-as-a-service group’s websites on Tuesday.

Visitors to the sites, which were recently active, were greeted with messages saying: “A server with the specified hostname could not be found.”

The demise of public sites affiliated with Russia-linked REvil, also known as Sodinokibi, follows an international ransomware outbreak on July 2 for which the group took credit.

Last Friday, a reporter asked President Joe Biden if it made “sense” for the United States to attack computer servers that have hosted ransomware attacks.

“Yes,” Biden replied.

Later that day, a National Security Council official told reporters that U.S. authorities expect to take action against the ransomware groups soon.

“We are not going to wire precisely what these actions will be,” the official said.

“Some of them will be obvious and visible, others may not be. But we expect them to occur in the days and weeks to come.”

John Hultquist of Mandiant Threat Intelligence told CNBC on Tuesday: “It may be too early to determine what is going on, and if this is any operation, all the details may never be revealed.”

“Either way, it’s good to see REvil upset,” Hultquist added.

In addition to the July 2 attack, the REvil group reportedly attacked computers owned by JBS recently, forcing the world’s largest meat-packing company to shut down operations in the United States for a day in June and disrupting its operations in Australia.

JBS paid the equivalent of $11 million in ransom for the gang to call off the attack.

Lawrence Abrams of Bleeping Computer tweeted earlier Tuesday that the REvil sites were down.

Several cybersecurity officials subsequently confirmed this report to CNBC.

Ransomware attacks involve malware that encrypts files on a device or network, rendering the system unusable. The criminals behind these types of cyberattacks usually demand payment in exchange for releasing the data.

The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, has spread to at least six European countries and penetrated the networks of thousands of people across the United States.

In May, a hacking group known as DarkSide with suspected links to Russian criminals launched a ransomware attack on Colonial Pipeline, forcing the US company to shut down approximately 5,500 miles of pipeline.

This resulted in an interruption of nearly half of the East Coast’s fuel supply and caused gasoline shortages in the Southeast and airline disruptions. Colonial Pipeline paid the cybercriminals $5 million in ransom in order to restart operations.

A few weeks after the attack, US law enforcement was able to recover $2.3 million in bitcoins from the hacker group.
