Multiple REvil ransomware sites are down on the darkweb
Suebsiri Srithanyarat | EyeEm | Getty Images
Darkweb sites linked to the REvil ransomware gang were not operating Tuesday morning, CNBC has confirmed.
It is not clear what led to the websites of the ransomware-as-service group going down Tuesday.
The disappearance of the public-facing sites affiliated with Russia-linked REVil, also known as Sodinokibi, comes on the heels of an international ransomware outbreak on July 2 that the group had taken credit for.
The group also is believed to have recently attacked computers belonging to JBS, forcing the world’s largest meatpacking company to shut down operations in the United States for one day in June, and also disrupted operations in Australia.
JBS paid the equivalent of $11 million in ransom to get the gang to undo the attack.
Visitors to the sites, which had recently been active, were greeted with messages saying, “A server with the specified hostname could not be found.”
Bleeping Computer’s Lawrence Abrams had tweeted earlier Tuesday that REvil sites were down
Several cybersecurity officials later confirmed that report to CNBC’s Eamon Javers.
Ransomware attacks involve malware that encrypts files on a device or network that results in the system becoming inoperable. Criminals behind these types of cyberattacks typically demand a payment in exchange for the release of data.
The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.
The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, spread to at least six European countries and breached the networks of thousands across the United States.
In May, a hacking group known as DarkSide with suspected ties to Russian criminals launched a ransomware attack on Colonial Pipeline, forcing the U.S. company to shut down approximately 5,500 miles of pipeline.
It led to a disruption of nearly half of the East Coast’s fuel supply and caused gasoline shortages in the Southeast and airline disruptions. Colonial Pipeline paid $5 million in ransom to the cybercriminals in order to restart operations.
A few weeks after the attack, U.S. law enforcement officials were able to recover $2.3 million in bitcoin from the hacker group.