Sites operated by the REvil ransomware group have been out of operation since yesterday.
The REvil ransomware group, also known as Sodinokibi, runs several websites, both on the regular web and on Tor, which it uses as ransom negotiation sites, ransomware data leak sites, and backend infrastructure. Since yesterday they have all been offline, without any notice.
Those who visit well-known sites, such as decoder[.]re, see a message telling them that the server cannot be found. It is not clear what led to the collapse of all these sites linked to the Russian group REvil, but suspicion falls on the US authorities.
On Friday, President Joe Biden was asked by a reporter if it "makes sense" for the United States to attack computer servers that have hosted ransomware attacks, and the president replied in the affirmative.
In addition, a US National Security Council official told reporters the same day that US authorities were expected to take action against ransomware groups soon.
It is unknown at this time what he will do after leaving the post.
The point, however, is that the United States, in consultation with Russia, has begun to put pressure on such illegal groups in order to expose them. Similar ransomware groups, such as DarkSide and Babuk, have voluntarily shut down their websites due to increased pressure from law enforcement.
However, when a ransomware group is shut down, its operators and associates usually rename the group and continue to operate it as a new business carrying out ransomware attacks. This has been observed in the past, when GandCrab closed and many of its members resumed as REvil. The Babuk team also relaunched as Babuk v2.0.