The website of 'REvil', a hacker group that has trolled companies around the world, has been hijacked by government agencies and taken offline

The website of Russia's cybercriminal organization REvil , known for its ransomware attacks on tech companies and infrastructure, has been reported to have gone offline due to hacking operations by the United States and its allies. 'REvil' suddenly disappeared from the dark web in July 2021 and was just revived in September.

EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline | Reuters

US, allied nations force REvil ransomware group offline: report | The Hill

REvil, a Russian-based hacker group, attacked Taiwanese PC maker Acer , Brazilian meat giant JBS , and Massachusetts ferry company Steamship Authority with ransomware and demanded a ransom. is known. A large-scale supply chain attack on the IT management service ' Kaseya ' in July 2021 is estimated to have affected about 1,500 companies.

REvil ran a website called 'Happy Blog' on the dark web to leak stolen information and receive ransom. However, it was reported that the 'Happy Blog' suddenly disappeared after attacking Kaseya.

The website of a Russian hacker group aiming for infrastructure disappears the mystery --GIGAZINE

REvil temporarily disappeared from the internet, but in September it turned out that the Happy Blog was back online. Initially, it was speculated that 'REvil did not bring it online, but the law enforcement agency revived it for some reason,' but since the ransomware attack by REvil occurred after that, this revival was REvil. I know it was due to the intention of.

The dark web server of the mysterious disappearing hacker group 'REvil' suddenly revives --GIGAZINE

However, on October 17th, the Happy Blog went offline again. Dmitry Smilyanets's security researchers of the operator '0_neday' of REvil found on the dark web of hacker forum write According to the server is compromised by access using a key of a former member of the REvil 'announ (unknown)' , Happy Blog has gone offline.

Private cyber experts and former government officials who informed Reuters said the Happy Blog offline was carried out by teams from multiple countries, including the Federal Bureau of Investigation (FBI), the U.S. Cyber Command, and intelligence agencies. ..

The FBI hacked REvil after the attack on Kaseya and succeeded in controlling part of the network infrastructure. The July closure was REvil's prior to the FBI's operations, but 0_neday and colleagues restarted the Happy Blog in September using an internal system already controlled by the FBI. Was there. This allowed the FBI to close the Happy Blog.

'The REvil ransomware gang has restored its infrastructure from backups, assuming it hasn't been compromised,' said Oleg Skulkin, deputy director of forensic labs at Russian cybersecurity firm Group-IB. In particular, the gang's own favorite strategy of endangering victims' backups has stripped them. '

A person familiar with the operation said that it was a partner of an American ally who broke into REvil's computer architecture and hacked it. Another person states that operations on REvil are still underway.

The FBI declined to comment on the operation, and a spokeswoman for the White House National Security Council declined to mention it directly. Instead, a spokeswoman said, 'Roughly speaking, we are working on ransomware throughout the government: destroying ransomware infrastructure and actors, upgrading defenses in collaboration with the private sector, and ransomware. This includes building an international coalition that holds the ransomware actors accountable. '

in Security, Posted by log1h_ik