The Sudden Disappearance of REvil (Update)

On July 13, 2021, all websites of the infamous Russian ransomware gang REvil went down, sparking speculation among everyone as to where and how they had disappeared.

REvil is one of the biggest hacking groups and has been striking businesses with ransomware attacks since 2019. In 2020 alone, REvil said they had made $100 million from ransoms. However, the gang explained that they were not satisfied with that “revenue,” and that they instead want to make $2 billion from their ransomware “business.”

The reason behind the disappearance is still unknown. However, it is not uncommon for hacking groups to go offline and come back again for no apparent reason.

It is also worth noting that lately, the U.S. government’s attention has been on REvil, threatening to take action against them. So, their disappearance could have happened to draw the attention away for a while. Or, the U.S. could have indeed taken action to stop them.

REvil’s Attack on Kaseya

Source: techrepublic.com

Earlier this month, REvil had attacked the software vendor Kaseya in what cybersecurity experts had called, more or less, the single biggest global ransomware attack. The ransomware gang attacked hundreds of businesses and thousands of computers. They had encrypted their data and demanded $70 million ($92 million in bitcoin) to give Kaseya the tool to decrypt it.

One Kaseya customer, who asked to stay anonymous, had paid the ransom to REvil and had gotten the decryption tool. However, they said that after paying, they found out the tool wasn’t working.

Usually, if something like this happens, the victims can contact REvil’s customer service to get help. However, with the REvil service outage, everyone was left struggling to find a way to decrypt their data.

A few days ago, President Joe Biden had an hour-long phone call with Vladimir Putin. Biden warned Putin that if he did not put an end to ransomware attacks on U.S. companies, Biden would have to retaliate.

Following the phone call, REvil’s websites were suddenly out of service. So, it is speculated that either the U.S. officials or the Russian officials might have taken action against REvil.

Cyber reporter Joe Tidy said he had received information from an affiliate of the gang that “the U.S. ‘Feds took down’ elements of their websites, and so they pulled the plug on the rest of their operation.” He added that “Russia is tired of the U.S. and other countries crying to them.”

The bottom line is that Kaseya and hundreds of other businesses had been left hanging after REvil’s websites had all become unreachable.

Source: netzwelt.de

19 days after the attack, and literally out of the blue, Kaseya said they had come into possession of a “universal decryptor.” Kaseya encouraged anyone who had been affected by the attack to come forward and ask for help, as they claimed the decryption tool had proved 100% effective at decrypting data that had been completely encrypted in the attack.

At first, when asked about the source of the decryption tool, their spokesperson said they had gotten it from a “third party,” and refused to confirm or deny whether they had paid any ransom to REvil.

Later, the software company released a statement denying they had paid the ransom. The statement said, “we are confirming in no uncertain terms that Kaseya did not pay a ransom — either directly or indirectly through a third party — to obtain the decryptor.”

More than 40,000 companies and organizations from all across the world use at least one of Kaseya’s IT solutions. So, paying the ransom was not Kaseya’s decision to make; the statement mentioned that “while each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack, and we have not wavered from that commitment.”

It remains a mystery where Kaseya got the decryption tool from. However, there has been some speculation; some people think that either the government of the United States or that of Russia must have done something about it. There is a possibility that one of the governments seized the decryption tool and handed it to Kaseya.

REvil’s websites are still out of reach to this day. However, no one knows how long this outage will last, and nobody knows what REvil’s plans for the future are. Will they finally give up cyber-attacks, or will they come back with another huge cybercrime?

Cyber-attacks have been on the rise in the past decade, peaking in 2020 and 2021. It wouldn’t be a sweeping statement to say that everyone is at risk of being the next victim. So, how can you avoid it?

How to Protect Yourself

The most important thing to do to avoid being hacked is to simply stay alert. Most cyber-attacks happen through phishing. Phishing is a cybercrime where hackers lure you into clicking on a link they have sent you. This link usually delivers malware. When you click the link, your device or system will be infected with the malware, and the hackers will gain access to your device.
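Staying alert means, in practice, looking at where a link actually points rather than at what it says. The script below is an added example, not code from the original article or from Kaseya, REvil or any vendor mentioned: it parses a constructed phishing-style email, pulls every link out of the HTML body, and flags the classic warning signs (an href whose host is a raw IP address, a punycode host that could be a look-alike domain, and link text that shows one domain while the href goes to another). The sample message, addresses and hostnames are all made up for the example.

```python
import email
import ipaddress
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (hypothetical sender, recipient and hosts).
# The first link displays a legitimate-looking portal URL but its href
# points at a raw IP address; the second link is consistent.
SAMPLE_EMAIL = """\
From: IT Support <support@example.com>
To: user@example.com
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Sign in to keep access:</p>
<p><a href="http://203.0.113.5/login">https://portal.example.com/login</a></p>
<p>Questions? Visit <a href="https://help.example.com">help.example.com</a>.</p>
</body></html>
"""

# Matches link text that itself looks like a URL or bare hostname.
_URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, text):
    """Return the list of reasons a link looks suspicious (empty if none)."""
    reasons = []
    host = _host(href)
    if not host:
        return reasons
    if _is_ip_literal(host):
        reasons.append("href host is a raw IP address")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("href host uses punycode (possible look-alike domain)")
    if _URL_LIKE.match(text):
        shown = _host(text if "://" in text else "http://" + text)
        # Allow the href to be a subdomain of what is displayed; anything else
        # is the "shows one domain, goes to another" pattern.
        if shown and shown != host and not host.endswith("." + shown):
            reasons.append(f"displays '{shown}' but href goes to '{host}'")
    return reasons


def triage_message(raw):
    """Parse a raw RFC 822 message and return the links that raised a warning."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _LinkCollector()
    collector.feed(body.get_content())
    findings = []
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_message(SAMPLE_EMAIL):
        print(finding["href"], "<-", finding["text"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

Run against the constructed message, only the first link is reported, with two reasons: its host is a raw IP, and the displayed domain does not match the destination. The check is deliberately conservative (a subdomain of the displayed domain is accepted) so that it can be run over a mailbox export without burying real warnings in noise; it is an aid for the “stay alert” habit the text describes, not a replacement for it.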

So, as a precaution before the actual problem happens, companies should provide dedicated training for their employees on how to use the internet wisely and avoid falling into the trap of hackers.

Other than that, businesses nowadays should never go without Antivirus software.

Cybersecurity experts at several.com have prepared a detailed analysis of the best Antivirus software providers on the market in 202, rated and ranked. You can see which Antivirus offers the best features that fit your and your company’s needs.

An Antivirus is a vital precaution that will protect your network and devices in many ways; it adds a firewall and performs regular, continuous scans for any viruses, worms, or other malware. The firewall acts as a barrier that stops malware from entering your system.

In addition, the Antivirus includes an intrusion detection system. This feature will notify you when it detects an intruder trying to find a way into your device, and it will make sure no such intrusion reaches your system.
