REvil ransomware websites go offline, and no one is sure exactly why
All of the known websites associated with hacking group REvil have gone offline on the dark web—four days after President Joe Biden urged Russian President Vladimir Putin to take action to disrupt ransomware groups operating in Russia.
Ransomware specialist Lawrence Abrams was the first to note the status of the group’s sites, adding that the outage spread to REvil’s payments site and data leaks site. The ransomware group’s public representative—called “Unknown”—has also gone silent.
REvil is a Russia-linked hacking group that was suspected of masterminding the ransomware attack on business software company Kaseya earlier this month as well as other companies earlier in the year, including meat supplier JBS. Its name is an amalgam of “ransomware” and “evil.”
The exact reason for the outage is less clear, though. Ransomware groups will sometimes go offline for periods, only to return without warning. U.S. officials, though, have threatened to take action against the group in a variety of ways.
REvil is unusual in that it acts more like a business, selling hacking technology and other tools to third-party hackers and then taking about 20% of any ransomware payments those hackers collect. It often takes payments in Bitcoin, rather than in the cryptocurrency Monero, which is considered to be more difficult to trace.
Financially motivated hacking groups are especially worrisome to security experts, who say such groups do not operate under the unwritten rules of hackers, like avoiding hacks that could endanger people’s lives, such as an attack on hospital systems.
Security analysts are stressing that the disappearance of the websites is interesting, but that without additional context, it could mean almost anything.
“Different groups have historically had stability woes, which isn’t surprising given the way they operate,” said security expert and independent researcher Kevin Beaumont in a series of tweets. “While it’s possible it’s law enforcement, it’s also very possible they’ve had an internal falling out again (another admin pulled plug), hardware failures, etc. Ransomware groups also frequently ‘disappear’ or ‘quit’ and then reappear with new branding. Time will tell basically. It’s far too early to know.”