The website and other infrastructure belonging to the cybercrime gang, believed to operate from Eastern Europe or Russia, went dark on Tuesday, when close observers of the group discovered that they were unable to connect to the REvil website that lists its victims.
Others said they were unable to connect to the sites that REvil uses to communicate with victims and collect ransom payments.

“All REvil sites are corrupted, including payment sites and the data leak site,” wrote Lawrence Abrams, creator of the information security blog BleepingComputer, on Twitter. “Public ransomware gang representative [sic], Unknown, is surprisingly quiet.”

The reasons for REvil’s disappearance were not immediately clear, but it comes after a host of high-profile hacks by the group that took control of computers around the world. It also comes after President Joe Biden said he warned his Russian counterpart Vladimir Putin that there would be consequences if Moscow fails to address ransomware attacks coming from within its borders.
The Biden administration has increasingly identified ransomware as a threat to national and economic security, stressing its potential to disrupt the critical infrastructure on which Americans depend.

Ransomware works by shutting down a computer network, stealing and encrypting its data, and holding it until victims agree to pay a fee.

Those who refuse can find their information leaked online. In recent years, ransomware gangs have pursued hospitals, universities, police departments, city governments, and a wide range of other targets.

A well-known source told CNN that the House Intelligence Committee has not been informed of what caused REvil to go dark. An aide to the Senate Intelligence Committee said “there is no comment” when asked if that committee was informed of the situation.

Over the July 4 holiday weekend, cybersecurity experts said REvil was responsible for an attack on Kaseya, an IT software company that indirectly supports countless small businesses, including accounting firms, restaurants and dental offices.
REvil claimed credit for the attack, seeking a $70 million ransom to release the affected machines. U.S. officials have also said that REvil was behind the attack on JBS, one of the world’s largest meatpacking companies.

REvil has received $11 million from victims during its operation, according to cryptocurrency payment tracker Ransomwhere.

The sudden disappearance of the group has sparked widespread speculation about what might have happened. Theories range from planned system downtime to a coordinated government strike. But at this stage, experts are still speculating. The FBI and US Cyber Command declined to comment on whether they may have been involved.

“This outage could be criminal detention, planned retirement, or, most likely, the result of an offensive response to the criminal enterprise – we do not know,” said Steve Moore, chief security strategist at cybersecurity firm Exabeam.

Dmitry Alperovitch, chairman of the think tank Silverado Policy Accelerator and co-founder of Internet security firm CrowdStrike, hypothesized that Western governments could put pressure on Internet infrastructure companies not to fulfill web browser requests for REvil sites. (Alperovitch no longer works at CrowdStrike.)

Drew Schmitt, chief threat intelligence analyst at GuidePoint Security, warned that while an inability to connect to REvil sites could be a potential indicator of law enforcement involvement, it does not conclusively prove it.

“Last week the REvil site was also small,” he said in a statement to CNN.

REvil is among the most prolific ransomware attackers, according to cybersecurity firm Check Point. In the last two months alone, REvil has carried out 15 attacks a week, said Check Point spokesman Ekram Ahmed.

Given the attention it has created, REvil may have voluntarily chosen to lie low for a while, Ahmed added. “We recommend that you do not rush to immediate conclusions as it is early, but REvil is, indeed, one of the most ruthless and creative ransomware gangs we have ever seen.”

Anne Neuberger, the White House chief cyber official, was traveling with Biden on Tuesday, though her reasons for accompanying the president to Philadelphia were unclear. A White House spokesman did not immediately respond to a request for comment.