Business Standard

Russia’s most aggressive ransomware group disappears

It’s unclear who made that happen

- DAVID E SANGER

Just days after President Biden demanded that President Vladimir V Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday.

The mystery is who made it happen.

The group is called Revil, short for “Ransomware evil.” Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, Revil took credit for a hack that affected thousands of businesses around the world over the July 4 holiday.

That latest attack led to Mr. Biden’s ultimatum in a phone call on Friday to the Russian president. Later, Mr. Biden said that “we expect them to act,” and when asked by a reporter later if he would take down the group’s servers if Mr. Putin did not, the president simply said, “Yes.” He may have done exactly that. But that is only one possible explanatio­n for what happened around 1 am Eastern time on Tuesday, when the group’s sites on the dark web suddenly disappeare­d.

Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s earnings from its digital extortion schemes. Internet security groups said the custom-made sites — think of them as virtual conference rooms — where victims negotiated with Revil over how much ransom they would pay to get their data unlocked also disappeare­d. So did the infrastruc­ture for making payments.

While the disappeara­nce of the hackers’ online presence was celebrated by many who see ransomware as a new scourge, it left some of the group’s targets in the lurch, unable to pay the ransom to get their data back and get their businesses running again.

“What’s the plan for the victims?” asked Kurtis Minder, the chief executive of Groupsense, a digital risk protection company.

There were three main theories about why Revil suddenly disappeare­d.

One is that Mr. Biden ordered the United States Cyber Command, working with domestic law enforcemen­t agencies, including the FBI, to bring the group’s sites down.

The second theory is that Mr. Putin ordered the group’s sites taken down. If so, that would be a gesture toward heeding Mr. Biden’s warning, which he had also conveyed, in more general terms, when the two leaders met on June 16 in Geneva.

A third theory is that Revil decided that the heat was too intense, and took the sites down itself to avoid becoming caught in the crossfire between the American and Russian presidents.

?? ?? During a meeting in Geneva on June 16, US President Biden (left) pressured Russia’s President Putin to take action against cybercrimi­nals who are attacking American targets. In starker terms, Biden demanded that Putin take action in a call last week
During a meeting in Geneva on June 16, US President Biden (left) pressured Russia’s President Putin to take action against cybercrimi­nals who are attacking American targets. In starker terms, Biden demanded that Putin take action in a call last week

Newspapers in English

Newspapers from India