The websites operated by the REvil ransomware group have been down since yesterday.
The REvil ransomware group, also known as Sodinokibi, operates several sites, both on the regular web and on Tor, which are used as ransom negotiation sites, ransomware data leak sites, and backend infrastructure. Since yesterday, all of them have been offline without any warning.
Those who visit well-known sites, such as decoder[.]re, see a message telling them that the server could not be found. It is not clear what led to the collapse of all these pages linked to the Russian group REvil, but suspicions fall on the US authorities.
On Friday, President Joe Biden was asked by a reporter whether it "makes sense" for the United States to attack the servers that have hosted ransomware attacks, and the president replied in the affirmative.
In addition, a US National Security Council official told reporters the same day that US authorities were expected to take action against ransomware groups soon.
It is unknown at this time what he will do after leaving the post.
The bottom line, however, is that the US, in concert with Russia, began to pressure these types of illegal groups in order to expose them. Similar ransomware groups, such as DarkSide and Babuk, voluntarily shut down their websites due to increased pressure from law enforcement.
However, when a ransomware group is shut down, its operators and associates usually rename the group and continue to operate it as a new business carrying out ransomware attacks. This has been observed in the past, when GandCrab closed and many of its members resumed as REvil. The Babuk team also restarted as Babuk v2.0.