The US government has successfully infiltrated the hacking group REvil, the entity behind ransomware attacks linked to Apple leaks, attacks on enterprise software vendors, and more, according to a report released by Reuters.
The sources said the FBI, Secret Service, Cyber Command and organizations from other countries have worked together to shut down the group’s operations this month.
The group’s dark weblog, which revealed information gleaned from its targets, is also reported to be offline.
Reports that the group was no longer online began to surface earlier this week, as its Tor site is no longer available.
There was speculation of a breakthrough, fueled by a forum post from one of the suspected leaders of the group saying that its server had been hacked. But it was not clear at the time who was responsible.
Reuters cited sources saying the government’s operation against ransomware hackers, including REvil, is still ongoing.
The US is gradually clamping down on groups linked to ransomware attacks, as the attacks become prohibitively expensive for businesses (one company reportedly paid a $40 million ransom to restore operations).
The Treasury Department has also imposed sanctions that make it difficult to monetize the hacked devices. The Department of Justice has set up a team to investigate crimes committed through cryptocurrency exchanges, citing the impact of ransomware several times in its announcement.
REvil ransomware attack suite hacked
REvil has been in the spotlight lately due to the high-impact and high-profile nature of the attacks associated with it. It was blamed for an attack on an Apple supplier and a leak of schematics for the MacBook Pro. It has also been linked to attacks on JBS, Kaseya, Travelex and Acer.
The group has been named by the US Treasury’s Financial Crimes Enforcement Network as one of the ransomware groups with the largest reported payments.
REvil previously went dark, with its site disappearing from the dark web in July. That was one month after the FBI announced that the group was responsible for the attack against JBS, a company responsible for one fifth of the world’s meat supply.
According to Reuters sources, one of the group members restored a backup and inadvertently included systems that had been compromised by law enforcement agencies.
A Russian security expert told Reuters that infecting backups is a common technique used by REvil itself.