REvil Ransomware gets hit by law enforcement

Summary

On 22nd October 2021, Reuters reported that “The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.”

“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. “REvil was top of the list.”

REvil ransomware is the Russian-led criminal gang that was responsible for the Colonial Pipeline cyber-attack in May, which led to a widespread gas shortage on the U.S. East Coast.

After the news of the REvil shutdown, the DarkSide and BlackMatter ransomware operations moved a large chunk of their Bitcoin. According to a statement by Omri Segev Moyal, CEO and co-founder of security firm Profero, to The Record: “Approximately 107 BTC ($6.8 million) were moved. Basically, whoever controlled the wallet started to break the BTC into small chunks.”

Blockchain analysis company Elliptic posted a blog showing how DarkSide’s cryptocurrency flowed through different wallets, shrinking from 107.8 BTC to 38.1 BTC.

After the report of REvil’s takedown, the Groove ransomware gang published a Russian-language post on its leak site asking other ransomware operations to target US interests.

The English translation reads: “In our difficult and troubled time when the US government is trying to fight us, I call on all partner programs to stop competing, unite and start xxcking up the US public sector, show this old man who is the boss here who is the boss and will be on the Internet while our boys were dying on honeypots, the nets from rude aibi squeezed their own… but he was rewarded with higher and now he will go to jail for treason, so let’s help our state fight against such ghouls as cybersecurity firms that are sold to amers, like US government agencies, I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors – the Chinese! I BELIEVE THAT ALL ZONES IN THE USA WILL BE OPENED, ALL xxOES WILL COME OUT AND xxCK THIS xxCKING BIDEN IN ALL THE CRACKS, I myself will personally make efforts to do this

– Groove ransomware.”
