Security Market Segment LS
Friday, 22 October 2021 09:40

Windows REvil ransomware gang taken down by US spies and allies: claim Featured

By
Windows REvil ransomware gang taken down by US spies and allies: claim Pixabay

The REvil ransomware group was taken offline by intelligence agencies and law enforcement from the US and a number of its allies, the news agency Reuters claims.

The agency cited three private sector security experts working with the US Government and one ex-official as it sources.

On Wednesday, the news surfaced that the REvil site on the dark web was offline. One Dmitry Smilyanets, who works for the threat intelligence firm Recorded Future and also writes for The Record, a website belonging to the company, claimed to have found a thread claiming to offer the reason for the disappearance of REvil. The CIA's investment arm, In-Q-Tel is an investor in Recorded Future.

Ransomware threat researcher Brett Callow, from the New Zealand-headquartered security outfit Emsisoft, had cautioned the same day about believing any of the chatter around the incident. REvil, which is also known as Sodinokibi, attacks only systems running Microsoft's Windows operating system.

VMware head of cyber security strategy Tom Kellerman was quoted by Reuters as saying: "The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups."

Kellerman is an adviser to the US Secret Service on cyber crime.

REvil went offline in July for the first time, after the ransomware had been used to attack about 60 managed service providers, using a zero-day flaw in the Kaseya VSA remote management software. Kaseya is a solutions developer for MSPs.

Roughly two months later, REvil came back online. There has been speculation that the dark web operations of REvil disappeared in July due to a technical issue. Once the site came back online, it was taken to mean that the operators had been merely lying low.

Pressure on ransomware gangs has increased after a hit on the Colonial pipeline in the US in May by the DarkSide ransomware gang.

That was ramped up further after the Kaseya incident, with US President Joe Biden raising the issue with his Russian counterpart, Vladimir Putin, during talks.

The US convened an online meeting of some 31 countries recently to discuss steps to prevent ransomware attacks, but for some unknown reason did not invite either Russia or China

Oleg Skulkin, deputy head of the forensics lab at Russian security company Group-IB, said: “The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised.

“Ironically, the gang's own favorite tactic of compromising the backups was turned against them.”

Read 2264 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




ELASTICON SYDNEY 2024 LATEST ADVANCEMENTS IN GENERATIVE AI

On 20 February, keynote addresses from NAB, Canva, AWS, and Google Cloud, among others, will feature at ElasticON Sydney 2024.

This event will explore the latest advancements in generative AI

The one-day conference, hosted by leading search analytics company Elastic, will include networking drinks, hands-on labs, technical sessions and a stellar line-up of keynote speakers from finance, technology, and government e=sectors.

ElasticON Sydney 2024 promises to be an enriching experience with a comprehensive exploration of the latest developments in security, observability, generative AI and their real world applications

Don't miss out on this opportunity to network and find answers for what's next from your industry peers and leaders


Register for ElasticON Sydney 2024

REGISTER HERE!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

Subscribe to Newsletter

*  Enter the security code shown:

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments