Russia's most aggressive ransomware group REvil disappears suddenly

It's unclear who made that happen

During a meeting in Geneva on June 16, US President Biden (left) pressured Russia’s President Putin to take action against cybercriminals who are attacking American targets. In starker terms, Biden demanded that Putin take action in a call last week.
NYT
Last Updated: Jul 15 2021 | 12:02 AM IST
Just days after President Biden demanded that President Vladimir V Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday.
 
The mystery is who made it happen.
 
The group is called REvil, short for “Ransomware evil.” Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, REvil took credit for a hack that affected thousands of businesses around the world over the July 4 holiday.
 
That latest attack led to Mr. Biden’s ultimatum in a phone call on Friday to the Russian president. Later, Mr. Biden said that “we expect them to act,” and when a reporter asked whether he would take down the group’s servers if Mr. Putin did not, the president simply said, “Yes.”
 
He may have done exactly that.
 
But that is only one possible explanation for what happened around 1 am Eastern time on Tuesday, when the group’s sites on the dark web suddenly disappeared.
 
Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s earnings from its digital extortion schemes. Internet security groups said the custom-made sites — think of them as virtual conference rooms — where victims negotiated with REvil over how much ransom they would pay to get their data unlocked also disappeared. So did the infrastructure for making payments.
 
While the disappearance of the hackers’ online presence was celebrated by many who see ransomware as a new scourge, it left some of the group’s targets in the lurch, unable to pay the ransom to get their data back and get their businesses running again.
 
“What’s the plan for the victims?” asked Kurtis Minder, the chief executive of GroupSense, a digital risk protection company.
There were three main theories about why REvil suddenly disappeared.
 
One is that Mr. Biden ordered the United States Cyber Command, working with domestic law enforcement agencies, including the FBI, to bring the group’s sites down. 
 
The second theory is that Mr. Putin ordered the group’s sites taken down. If so, that would be a gesture toward heeding Mr. Biden’s warning, which he had also conveyed, in more general terms, when the two leaders met on June 16 in Geneva.  
 
A third theory is that REvil decided that the heat was too intense, and took the sites down itself to avoid becoming caught in the crossfire between the American and Russian presidents. 