REvil Dismantled Again, Possibly For Good
The era of the world’s most infamous collective of malware masterminds came to a close on Thursday as three cybersecurity experts working for the U.S. government announced that the notorious REvil hacking group had been taken offline, for what may be the last time.
According to top-level REvil organizer 0_neday, the notorious malware operation was hacked by an unnamed infiltrator. “The server was compromised, and they were looking for me,” wrote 0_neday on a well-known cybercrime forum. “Good luck, everyone; I’m off,” he concluded in what turned out to be his last post; a moderator banned him from the forum mere hours later.
Brought to global attention after its role in the shutdown of major beef processing plants in four countries and disrupting supply globally in the process, REvil first disappeared on July 13th, only to resurface under a different structure weeks later.
There is little doubt that REvil’s infrastructure takedown is the result of U.S.-orchestrated efforts.
On July 23rd, Kaseya, the U.S. IT management software vendor whose VSA remote-management product had been exploited to push REvil ransomware to its customers and their downstream clients (including the Swedish grocery chain Coop, which was forced to close stores), announced it had received a universal decryptor for the files encrypted earlier that month. The key was later reported to have come from the FBI.
Calls for retaliation surfaced the same week as other ransomware groups urged cyber warfare against U.S. interests. Portions of a publicly posted message composed by a self-identified Groove ransomware member translate to the following warning:
“In our difficult and troubled time when the US government is trying to fight us, I call on all partner programs to stop competing, unite and start fucking up the US public sector, show this old man who is the boss here who is the boss and will be on the Internet…
… I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors – the Chinese! I BELIEVE THAT ALL ZONES IN THE USA WILL BE OPENED, ALL HOES WILL COME OUT AND FUCK THIS FUCKING BIDEN IN ALL THE CRACKS, I myself will personally make efforts to do this” – Groove ransomware, 10/22/21
Security researchers have also cautioned that REvil’s core members may well re-emerge under a different name, as the group already did once after its July disappearance.
Among REvil’s targets over the last two years have been Donald Trump, Lady Gaga, Madonna, Acer, and Lenovo.