Websites for the Russia-based REvil ransomware gang, both on the dark web and the normal web, have gone offline.
All of REvil online presence, including its ransom negotiating portal, the website where it shares exfiltrated data, and a blog it used to boast about its latest exploits, have all been knocked offline.
According to cybersecurity experts, most other threat actors have a tendency to occasionally cycle the connectivity of their online infrastructure. However, the comprehensive shutdown does seem unusual and is perhaps the result of action by law enforcement agencies.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
REvil has been behind some of the most extravagant ransomware operations of late including the one against managed service providers (MSP) by exploiting a vulnerability in the Kaseya VSA remote management software to infect thousands of computers around the world.
Action against Russia-based threat actors, such as REvil, featured prominently in the recent US-Russian Presidential talks in Geneva.
The BBC adds that US President Joe Biden said he raised the issue with his Russian counterpart, Vladimir Putin, again during a phone call last week, telling reporters that he “made it very clear to him…we expect them to act” against the threat actors while hinting that the US could take matters in its own hands if Russia fails to act.
The timing of the outage has sparked speculation that it could be the result of either the US or Russian officials tightening the noose around REvil, though there has been no official statement from any of the parties involved.