Russia’s Most Renowned Ransomware Group Suddenly Disappeared

Michael Ginsberg, Congressional Correspondent

The website for REvil, the ransomware gang responsible for hacks on major companies in the U.S., shut down early Tuesday morning.

“Happy blog,” where REvil posted a list of its victims and the cost for them to regain access to their websites, was shut down at about 1 a.m., The New York Times reported. Prominent REvil victims include the JBS meat-packing company, entertainment lawyer Allen Grubman and a vendor for the Republican National Committee.

Cybersecurity experts believe that REvil, also known as Sodinokibi, is connected to, or protected by, Russian intelligence agencies.

President Joe Biden pledged to hold Russia accountable for ransomware attacks on the U.S.’s supply chains. “We in fact made it clear that we were not going to continue to allow this to go on,” he said, following a June meeting with Russian President Vladimir Putin. Putin denied responsibility for the attacks at the meeting.

Following a series of REvil hacks over the Fourth of July holiday weekend, Biden said he felt “good about our ability to respond.”

U.S. Cyber Command taking down the REvil site was one of three possible scenarios for its disappearance, according to The New York Times. Putin could have ordered the site shut down, or the hackers could have taken it down themselves. Another ransomware gang, DarkSide, voluntarily shut down in May after Colonial Pipeline paid it $5 million to restore the pipeline.

The Biden administration considers ransomware attacks to be a major national security threat. It released a memo in May urging companies to maintain cybersecurity best practices, including regularly backing up servers and updating and patching systems to prevent attacks.