According to Reuters, the government has successfully hacked REvil, the hacking group behind ransomware linked to Apple leaks and attacks on enterprise software vendors. The outlet's sources claim that the FBI, the Secret Service, Cyber Command and other organizations worked together to shut down the group's operations this month. According to reports, the group's dark web blog, which contained information obtained from its targets, is also offline.
TechCrunch reported that the Tor website was unavailable on Monday, prompting reports about the group's demise. The possibility of a hack was fueled by a forum posting from one of the group's leaders claiming that the server had been compromised. However, at the time it was not clear who was responsible. Reuters quotes sources who claim that the government's operation against ransomware hackers (including REvil) is ongoing.
The US has taken steps to crack down on ransomware groups
As ransomware attacks become more expensive for companies, the US is gradually cracking down on ransomware groups. One company paid $40 million to get its operations back. The Treasury supported sanctions that make it more difficult to convert hacked machines into money. The Department of Justice established a team to investigate crimes committed through cryptocurrency exchanges, and it cited the impact of ransomware multiple times in its announcement.
Due to the high-profile and high-impact nature of the attacks it was linked to, REvil has been a hot topic. It is responsible for the attack on an Apple supplier, which leaked schematics of MacBooks, as well as attacks on JBS, Travelex and IT management software developer Kaseya. The US Treasury's Financial Crimes Enforcement Network named the group as one of the largest ransomware groups in terms of reported payouts.
According to the Treasury, REvil is the most powerful ransomware group.
REvil was taken offline by the FBI in July. This happened just one month after JBS, which is responsible for half of the world's meat supply, was brought down by the FBI.
Although it is possible for the group to return, the US attacked the group in July because it was trying to recover from that downtime. Sources tell Reuters that one of the group's members restored a backup that unwittingly included law enforcement systems. According to Reuters, a Russian security expert says that infecting backups is a common REvil tactic.