Russian REVIL cyber gang disappears after demanding $70M in Bitcoin

The REVIL ransomware group has mysteriously disappeared from the web without a trace after demanding a $70M ransom payout in Bitcoin

The infamous ransomware group REVIL has mysteriously vanished without a trace.

Websites and other digital infrastructure that belonged to the hackers, who are believed to be from either Eastern Europe or Russia, went dark on Tuesday.

Information security blog Bleeping Computer says ” All REVIL sites are down, including payment sites and data leak pages”.

Biden promises ‘consequences’ for Russian hackers

It’s unclear why the group has gone dark, but it comes after US President Joe Biden told Russia’s President Vladimir Putin that there would be ‘consequences’ if the Kremlin didn’t address the ongoing spate of ransomware attacks.

Biden has previously stressed the importance of addressing hacks, acknowledging their threat to critical infrastructure that is relied on by Americans. However, speculation is still mounting as to why REVIL has suddenly disappeared.

Cybersecurity firm Exabeam told CNN, “this outage could be criminal maintenance, planned retirement, or, more likely, the result of an offensive response to the criminal enterprise’.

REVIL gang demands $70M in Bitcoin ransom

This comes after the group asked for a $70M ransom in Bitcoin from victims of a recent hack. They promised to release a ‘universal decryptor key’ to all victims if anyone was willing to pay the ransom.

The REVIL gang posted a blog entry on its personal website on the dark web taking credit for the audacious cyber attack on MSP providers in the US which they claim affected over a million systems.

“Everyone will be able to recover from the attack in less than an hour,” the post read.

Will the companies pay the ransom?

The general advice from cyber-security experts is to not pay hackers to retrieve their data, because it encourages future attacks.

However, John Hammond from Huntress Labs doesn’t believe the situation is so simple. The cybersecurity firm Huntress Labs Inc is leading the investigation into the attack.

“This is an extremely intricate and tough situation,” he said in a private Twitter message to Ticker reporters.

“You have to make the decision that is best for your business,” he said.

The Kaseya cyber attack

The attack targeted more than 20 managed service providers (MSP). Yesterday, Huntress Labs anticipated the hack had affected more than 1000 businesses, which expectations that the figure would grow based on reports from the providers and a Reddit thread tracking the hack.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” tweeted John Hammond from Huntress Labs. Hammond says the attack targeted a software supplier called Kaseya.

Biden has sinced called for US intelligence to conduct a “deep dive” into the attacks. “We’re not sure it’s the Russians,” he said. “The initial thinking was, it was not the Russian government, but we’re not sure yet.”

Sweden closes up shop

Another victim of the attack is Sweden, which has seen around 500 supermarkets unable to trade.

Coop Sweden has closed half of its 800 stores after its point-of-sale tills and self-service checkouts stopped working just before the weekend.

The supermarket itself was not targeted by hackers. However, because it uses on of the affected MSPs it too has fallen victim to the attack.

Cybersecurity becomes and international security issue

This comes as the latest in a string of ransomware attacks in recent months, including the attack on JBS. Experts have also attributed the JBS attack to the REvil cyber gang.

It also comes shortly after President Joe Biden signed an executive order to strengthen cybersecurity defences across the US.