“All REvil sites are corrupted, including payment sites and the data leak site,” wrote Lawrence Abrams, creator of the information security blog BleepingComputer, on Twitter. “Public ransomware gang representative [sic], Unknown, is surprisingly quiet.”
Ransomware works by shutting down a computer network and stealing and encrypting its data until victims agree to pay a fee.
Those who refuse can find their information leaked online. In recent years, ransomware gangs have pursued hospitals, universities, police departments, city governments, and a wide range of other targets.
A well-known source told CNN that the House Intelligence Committee has not been informed of what caused REvil to go dark. An aide to the Senate Intelligence Committee said “there is no comment” when asked if that committee was informed of the situation.
REvil has received $11 million from victims during its operation, according to cryptocurrency payment tracker Ransomwhere.
The sudden disappearance of the group has sparked widespread speculation about what might have happened. Theories range from planned system downtime to a coordinated government strike. But at this stage, experts are still speculating. The FBI and the US Cyber Command declined to comment on whether they may have been involved.
“This outage could be criminal detention, planned retirement, or, most likely, the result of an offensive response to the criminal enterprise – we do not know,” said Steve Moore, chief security strategist at cybersecurity firm Exabeam.
Dmitry Alperovitch, chairman of the think tank Silverado Policy Accelerator and co-founder of Internet security firm CrowdStrike, hypothesized that Western governments could put pressure on Internet infrastructure companies not to fulfill web browser requests for REvil sites. (Alperovitch no longer works at CrowdStrike.)
Drew Schmitt, chief threat intelligence analyst at GuidePoint Security, warned that while an inability to connect to REvil sites could be a potential indicator of law enforcement involvement, it does not conclusively prove it.
“Last week the REvil site was also small,” he said in a statement to CNN.
REvil is among the most prolific ransomware attackers, according to cybersecurity firm Check Point. In the last two months alone, REvil has carried out 15 attacks a week, said Check Point spokesman Ekram Ahmed.
Given the attention it has attracted, REvil may have voluntarily chosen to lie low for a while, Ahmed added. “We recommend that you do not rush to immediate conclusions as it is early, but REvil is, indeed, one of the most ruthless and creative ransomware gangs we have ever seen.”
Anne Neuberger, the White House chief cyber official, was traveling with Biden on Tuesday, though her reasons for accompanying the president to Philadelphia were unclear. A White House spokesman did not immediately respond to a request for comment.