Reported in the New York Times today by David Sanger: REvil, the aggressive ransomware organized crime syndicate believed to be based in Russia, has gone offline. He lists several possible gambits. My favorite: “a third is that REvil decided that the heat was too intense, and took itself down to avoid becoming part of the crossfire between the American and Russian presidents. That is what another Russian-based group, Darkside, did after the ransomware attack on Colonial Pipeline, the U.S. company that had to shut down the gasoline and jet fuel running up the East Coast in May.
But many experts think that Darkside’s going-out-of-business move was digital theater, and that all of the key ransomware talent would reassemble under a different name. If so, the same could happen with REvil.” Any way we look at it, the threat is no less for anyone today than it was yesterday. Remain vigilant. In Cyberscoop, Jeff Stone says, “REvil, the Russian-speaking hacking crew that claimed responsibility for a hack at the IT firm Kaseya that yielded perhaps thousands of victims, largely went dark Tuesday morning, according to multiple security researchers. The dark web site where REvil typically posts victim data and a payment site suddenly went down, while one site apparently ceased responding to Domain Name System requests.