Trustwave analyzed dark web chatter on underground hacking forums and discovered that cybercriminals were anxious after the Russian FSB arrested 14 REvil ransomware gang members.
The REvil ransomware gang has been a point of special focus for international law enforcement and has possibly been dealt a fatal blow, as Russian authorities have rounded up 14 members residing in the country.
The US authorities offered a $10 million reward for information to identify or locate REvil and DarkSide ransomware gang leaders, and $5 million for their affiliates preparing attacks.
After its infrastructure went offline in October, there was widespread speculation that the REvil ransomware group was done for good. The likelihood of that increased with last week's apprehension of affiliates along with the seizure of $6.1 million.
A collaborative international law enforcement effort appears to have at least temporarily crippled the notorious REvil ransomware gang, taking the group's Tor sites and dark web infrastructure off the internet and putting it beyond reach.
The REvil ransomware has become something of a cybersecurity household name, but it may be losing some business now that a disgruntled former client has leaked code demonstrating that the group can backdoor its own customers.
In mid-July the REvil ransomware group, linked to the Kaseya and JBS incidents among other attacks, appeared to go out of business. It turns out they may have just been taking a refreshing summer break.
After the breach of Kaseya and thousands of clients downstream from it by REvil ransomware, the perpetrators disappeared abruptly, but Kaseya appears to have received a decryption key nearly three weeks into the attack.
The REvil ransomware gang, implicated in the high-profile attacks on JBS and Kaseya, seems to have very suddenly disappeared from the internet. The group has even closed up pages advertising its services on the dark web.
Acer reportedly suffered a REvil ransomware attack. The threat actors posted some files as proof and demanded the highest recorded ransom payment of $50 million in Monero.