The REvil ransomware gang has been a point of special focus for international law enforcement and has possibly been dealt a fatal blow, as Russian authorities have rounded up 14 members residing in the country.
Acer reportedly suffered a REvil ransomware attack. The threat actors posted some files as proof and demanded the highest recorded ransom payment of $50 million in Monero.
After its infrastructure went offline in October, there was widespread speculation that the REvil ransomware group was done for good. The likelihood of that increased with last week's apprehension of affiliates along with the seizure of $6.1 million.
In mid-July the REvil ransomware group, linked to the Kaseya and JBS incidents among other attacks, appeared to go out of business. It turns out they may have just been taking a refreshing summer break.
Trustwave analyzed dark web chatter on the underground hacking forums and discovered that cybercriminals were anxious after the Russian FSB arrested 14 REvil ransomware gang members.
The REvil ransomware has become something of a cybersecurity household name, but it may be losing some business now that a disgruntled former client has leaked code demonstrating that the group can backdoor its own customers.
After the breach of Kaseya and thousands of clients downstream from it by REvil ransomware, the perpetrators disappeared abruptly, but Kaseya appears to have received a decryption key nearly three weeks into the attack.
A collaborative international law enforcement effort appears to have at least temporarily crippled the notorious REvil ransomware gang, taking the group's Tor sites and dark web infrastructure off the internet and putting it beyond reach.
REvil ransomware operators deposited $1 million in Bitcoins on a Russian-speaking hacker forum to recruit hackers to work as affiliates earning 70-80% commission.
The REvil ransomware gang, implicated in the high-profile attacks on JBS and Kaseya, seems to have very suddenly disappeared from the internet. The group has even closed up pages advertising its services on the dark web.