REvil the Hacker Group gets Hacked by the Feds

The REvil ransomware gang has been taken down by an active multi-country law enforcement operation. The operation resulted in the group being hacked and, for the second time, all of its services and its ecosystem as a whole being taken offline.

Reuters has reported that multiple private-sector cyber experts worked with the U.S. government, noting that the May cyber attack on Colonial Pipeline relied on encryption software developed by REvil associates.

Blockchain analytics firm Elliptic has also disclosed that over $7 million in bitcoin held by REvil was moved through a series of new wallets, with only a small fraction of the amount moved in each transfer, to make the laundered money difficult to track.

It was revealed that REvil’s Tor payment portal and data leak website had been hijacked, leading to speculation that this could have been the result of coordinated law enforcement involvement.

Profits raked in by ransomware operators have been on the rise, as the ransomware economy is now characterized by a complex partnership: ransomware-as-a-service (RaaS) syndicates like REvil and DarkSide rent their file-encrypting malware to affiliates recruited through online forums and Telegram channels, who launch the attacks against corporate networks in exchange for a large share of the paid ransom.

This arrangement lets the ransomware operators improve the product while affiliates focus on spreading the ransomware and infecting as many victims as possible. With an assembly line of ransom payouts, profits are split between the developers and the affiliates. Affiliates have also at times turned to other cybercriminal enterprises that offer initial access via persistent backdoors to orchestrate the intrusions.

REvil had earlier shut down in mid-July 2021, but the crew returned in early September under the same brand name, even as the FBI stealthily planned to dismantle the threat actor’s malicious activities without their knowledge, as reported by the Washington Post last month.

However, the ransomware gang restored its infrastructure from backups on the assumption that those backups had not been compromised. Funny as it sounds, the gang’s own favorite tactic of compromising backups was turned against them.
