
Kremlin fails to deny that takedown of sites and portals used by Russian-based hacking group REvil is connected to Biden's pressure on Putin

The Kremlin has failed to deny that the takedown of Russian-based hacking group REvil is tied to US President Joe Biden's pressure on Russian President Vladimir Putin.

Press secretary of the President of the Russian Federation Dmitry Peskov said Wednesday the state doesn't have any information about REvil's sudden disappearance from the internet and insisted Russia wants to 'cooperate' with the US in taking down cybercriminals.

REvil's dark web data-leak site and ransom-negotiating portals have both been unreachable since about 1am on Tuesday. 

The timing of the takedown raised eyebrows, coming just days after Biden demanded Putin take action following a series of devastating ransomware attacks by the Russia-based group on US businesses.

REvil, also known as 'Ransomware evil', was responsible for the Memorial Day ransomware attack on the meat processor JBS and the supply-chain attack this month targeting the Miami-based software company Kaseya that crippled well over 1,000 businesses globally.   

The Kremlin has failed to deny that the takedown of the websites used by Russian-based hacking group REvil is tied to US President Joe Biden's pressure on Russian President Vladimir Putin. Biden and Putin pictured meeting at the Geneva Summit on June 16


When asked Wednesday by reporters if Russia was behind REvil's takedown from the darknet, Peskov denied having any knowledge of what had happened.  

'I cannot answer your question, because I do not have such information. I do not know which group, where it disappeared from,' he said, according to Russian News Agency TASS.

He said Russia believes cybercriminals 'should be punished' but doubled down that he was not aware if the ransomware gang had been deliberately targeted by authorities.

'We believe that should be punished,' he said. 

'On the international level, we believe that we should all cooperate. In this case, Russia and the United States should cooperate in order to suppress such manifestations. 

'As for the particulars about this group, I, unfortunately, with such information I don't have it,' he added.

Peskov said the US and Russia had begun talks on how to work together to tackle cyber crime.

'Yes, the process of bilateral consultations on this topic has begun,' he said. 

The US has also so far stayed quiet on whether or not it was behind REvil's disappearance. 

Spokespeople for the White House and US CyberCommand, the Pentagon's cyber arm, declined to comment on Tuesday about REvil going dark. 

The reason for the disappearance remains a mystery, but speculation has grown that talks between Biden and Putin may have led authorities in one or both countries to orchestrate its removal.

REvil was responsible for the supply-chain attack this month targeting the Miami-based software company Kaseya that crippled well over 1,000 businesses globally


The ransomware group was also behind the Memorial Day ransomware attack on the meat processor JBS


REvil: The Russian ransomware gang behind US attacks 

REvil, also known as Sodinokibi, is a group of hackers that recruits affiliates to distribute ransomware for them.

As part of the deal, REvil and the affiliates split any ransoms obtained using the group's malware.

Short for 'ransomware evil,' REvil refers to both the group and its software.

Members are known to speak Russian, and the group operates with impunity from somewhere in Russia or Eastern Europe.

The group is behind recent attacks on US businesses, including the JBS meat plant and Miami-based software firm Kaseya.

Biden told Putin on a call Friday that he needed to rein in attacks from Russia-based groups and warned that the US had the right to defend its people and critical infrastructure from attacks. 

He told reporters he had 'made it very clear to ... we expect them to act' and vowed to take down REvil's servers if Russia did not.  

The latest attack from the ransomware gang came just two weeks after the two leaders met at a summit in Geneva, Switzerland, on June 16. 

At the meeting Biden urged the Russian president to crack down on cyber hackers emanating from Russia.   

Biden told Putin that 16 types of critical infrastructure - including food and agriculture, emergency services and health care - should be 'off-limits' to cyberattacks and warned of consequences if such attacks continued.

In the meeting, Putin denied that Russia was behind recent attacks.    

However, despite the suspicious timing of REvil's disappearance, cybersecurity experts said that it was premature to speculate.

Vanishing acts are common in the ransomware world, where gangs tend to disappear and rebrand when they begin attracting too much heat.

There were also no immediate or public signs that the government had anything to do with REvil appearing offline.

Threat researcher Ryan Sherstobitoff of SecurityScorecard said it was also possible that the group was lying low after the attack or switching methods 'as we did expose them'.

Sean Gallagher, a threat researcher at the cybersecurity firm Sophos, added: 'It could be that the server hardware failed, or that it was intentionally taken down, or that someone attacked their host.' 

He noted that REvil's public ransom-negotiating site was also down last week.

'We have seen no indicators for either voluntary shutdown nor of any offensive steps from law enforcement,' said Alex Holden, founder and chief information security officer of Hold Security. 

'Right now, perhaps, it is too early to speculate, especially as REvil was building up their strength over the recent months.

'There is always a glimmer of hope that Russia is finally doing something right.'

Ransomware variants have previously disappeared as the criminals behind them retooled and modified their malware before introducing it under a new guise. 

That is what threat analysts believe happened with a precursor to the REvil ransomware-as-a-service software called Gandcrab. 

It was the most successful variant over a 15-month run that began in January 2018. 

REvil has claimed responsibility for a series of attacks on US businesses this year alone.  

The two leaders met at the Geneva Summit last month (pictured), where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia


The unprecedented attack targeting the Miami-based software firm Kaseya affected an estimated 1,500 businesses globally.  

The hackers first targeted Kaseya before spreading to other firms that use the company's software.  

The hackers that struck Friday hijacked widely used technology management software from Kaseya then changed a Kaseya tool called VSA. 

VSA is used by IT professionals to manage technology including servers, desktops, network devices and printers at smaller businesses. 

The cybercriminals then encrypted the files of those providers' customers simultaneously.  

This type of hacking is especially damaging because, by going after managed service providers (MSPs), the hackers can reach many more victims by breaching the systems of the providers' customers as well.

The breach was discovered July 2 as many businesses had already closed or waved goodbye to employees for the long Independence Day weekend.   

The Kaseya attack shut down a major Swedish supermarket chain and ricocheted around the world, impacting businesses in at least 17 countries, from pharmacies to gas stations, as well as dozens of New Zealand kindergartens. 

Meanwhile, the attack on JBS saw America's largest beef supplier end up paying an $11 million ransom in Bitcoin to the hackers who shut down its plants.

JBS learned of the attack early on May 30 after discovering 'irregularities' on its servers and a ransom note. 

US businesses and critical infrastructure have fallen victim to attacks from other cyber criminal groups thought to be based in Russia in recent months with Colonial Pipeline hacked by DarkSide (Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland pictured)


The hack threatened to disrupt meat supplies across the United States over Memorial Day weekend, suspending meat production systems at JBS's US plants for four days. 

The FBI said in June REvil was also behind that breach.  

US businesses and the nation's critical infrastructure have fallen victim to attacks from other cyber criminal groups thought to be based in Russia in recent months.  

In May, Colonial Pipeline fell victim to an attack that forced the carrier of 45 percent of fuel to the East Coast to shut down its entire network and sparked a fuel crisis nationwide. 

The attack forced the pipeline offline on May 7, halting 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey.

It sparked concerns of a national fuel crisis with thousands of gas stations running out of fuel and motorists racing to fill up their cars, pushing the national average price of gas past $3 for the first time since 2014.  

Colonial Pipeline shelled out almost $5 million to DarkSide to get its pipeline back online as soon as possible.

DarkSide is a criminal cybergroup also believed to be based in Russia or Eastern Europe with ties to Russia. 

Officials said the hack was the most disruptive cyberattack on energy infrastructure in American history. 

Back in December, several government agencies and top businesses were breached by Nobelium, a suspected Russian-state-sponsored group, via the SolarWinds software.
