Kaspersky Comment: REvil’s resources disappear

Date: 2021-07-12

July 2021 by Vladimir Kuskov, Head of threat exploration at Kaspersky

Following wide speculation about the reasons behind the sudden disappearance of REvil’s online resources, Vladimir Kuskov, head of threat exploration at Kaspersky, offers the following comment.

Resources related to REvil, the ransomware operator known for major attacks against JBS S.A. and Kaseya, have disappeared from the internet. This includes a blog run by members of the operation, as well as a payment website.

“Resources related to REvil, which included a blog with information about their attacks, as well as payment sites, went offline. A representative of this group was also banned from a popular darknet forum where participants of this criminal industry communicate.

“Why the websites went down is not yet clear; however, circumstances suggest that REvil might stop its operations, following the path DarkSide, Avaddon, and Babuk took. However, similarly to other groups which get more attention from authorities than they would deem safe, it is likely that they will interrupt their operations for a while, and return to the “market” under their current name or with a new one.”