Supernational fronts retaliate against cybercrime group REvil
Cybercrime group REvil was infiltrated by U.S. governmental agencies and obliged to go dark after cybercrime operation attacking from supernational fronts, reported by Reuters.
Speculations circulating the group’s recent absence following Recorded Future security specialist Dimitry Smilyanets went to Twitter to reveal various messages from the account of a famous REvil operator, ‘0_neday.’
The messages displayed on the microblogging platform elaborated the events that led to the cybercriminal forum XSS, alleging that someone took charge of the cyber group’s Tor payment portal and was controlling sites’ data leaks.
In the message, the account revealed how he and ‘Unknown, ’chief representative of the cyber entity, were the only group members with REvil’s domain keys. Then, the group’s representative’s absence left other members to predict that he was dead.
In September, REvil proceeded with its cybercrime activities. A factor that led to the realization that the group’s domain name was being reached by Unknown’s decryption key.
“The server was compromised, and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and raised their own so that I would go there. I checked on others – this was not. Good luck, everyone, I’m off,” 0_neday wrote in a message.
After REvil’s Kaseya cybercrime, the FBI acquired a universal decryption key initiating file recovery to those exposed to Kaseya’s breach, without the need to pay a ransom.
Now, with the news message surfacing on Twitter, it seems that that law enforcement officials concealed the fact that they had the key for weeks as it was stealthily going after REvil’s staff, according to Reuters.
In reference to individuals familiar with the topic, law enforcement and intelligent cyber experts managed to compromise the criminal group’s network infrastructure and security management over some of its servers.
Following Unknown’s vanish, other group members re-obtained control over the websites last month. By doing so, REvil unintentionally restarted some intermetal systems, including the ones already powered by law enforcement.
“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” deputy head of the forensics lab at the Russian-led security company Group-IB, Oleg Skulkin said in a statement.
“Ironically, the gang’s own favorite tactic of compromising the backups was turned against them,” Skulkin added.
Even though trust-worthy backups are perceived as a fundamental defense tactic to counteract ransomware activities, its vitality lies in remaining unconnected with other main networks. Otherwise, those too will be encrypted by cybercrimes groups similar to REvil.
One spokesperson close to the matter revealed that a foreign ally of the U.S. led the hacking mission that managed to infiltrate REvil’s network, while another anonymous former U.S. official commented on the mission saying the operation has not been finalized.
VMWare’s head of cybersecurity strategy, Tom Kellermann, told Reuters that the victory of federal operations immerges from a deep rigidity led by U.S. Deputy Attorney General Lisa Monaco, under the belief that cyberattacks on vital governmental ecosystems should be perceived as a threat to the country’s national security, and falls under the same umbrella as terrorist attacks.
The Kesaya and Colonial Pipeline ransomware attacks are the two main cases that paved the way for harsher approaches to navigate this counterattack – and similar future ones – pushed in June the Justice Department to authorize harsher examinations of cyberthreats to much more paramount priority.
REvil’s attacks provided the Justice Department and different government agencies to consider cybercrimes a legal basis to inquire support from other federal organizations, such as the U.S. intelligence and the Department of Defense.
Both the FBI and the White House National Security Council refrained from commenting on the operation.