A multi-national co-operative has taken down notorious ransomware gang REvil.
The tables have been turned on notorious ransomware group REvil, which has reportedly been taken down by a multi-national co-operative involving law enforcement and intelligence personnel.
According to private sector stakeholders co-operating with the US, the group was hacked and forced offline.
VMware head of cyber security strategy Tom Kellermann, who serves as an adviser to the US Secret Service on cyber crime investigations, said compromising the ransomware gang was a priority for the response team.
"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” Kellermann said.
“REvil was top of the list.”
This followed a spate of cyber attacks on critical infrastructure, attributed to the Russian-led group, including the attack on the Colonial Pipeline, which leveraged Darkside’s encryption software.
An REvil figure, who refers to himself as ‘0_neday’, commented on a cyber crime forum following the multi-national operation.
"The server was compromised, and they were looking for me," the anonymous cyber actor said.
"Good luck, everyone; I'm off."
Subscribe to the Defence Connect daily newsletter.
Be the first to hear the latest developments in the defence industry.
The White House has declined to comment on the counter operation, but has noted the government’s broader efforts to fight cyber crime.
"Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernise our defences, and building an international coalition to hold countries who harbor ransom actors accountable," a spokesperson told Reuters.
According to Edgard Capdevielle, CEO of Nozomi Networks, this latest push to take down a ransomware gang should set a precedent for future responses.
“The US historically has had the reputation of, ‘if you physically come after us, we will come back at you 10 times harder and mess you up’,” he said.
“With cyber, this has not been the case, until yesterday’s announcement of law enforcement forcing REvil offline.
“While this is the first real public display of offensive cyber measures, true adversary deterrence is not built on one example of public response.”
Capdevielle said the US would need to take a consistent approach of zero tolerance in response to cyber-attacks on critical infrastructure and the private sector.
“This retaliation is by no means ‘equal’ or reciprocal – the impact to the United States from Colonial was still much greater than affecting their servers. This is a good first step,” he added.