 |
| The largest group of ransomware hackers has been hacked |
According to Reuters, the US government has successfully infiltrated the REvil hacker organization, which is behind the ransomware attacks related to Apple's leaks and its attacks against corporate software providers.
Sources said the FBI, Secret Service, Internet Command and organizations in other countries worked together this month to shut down the organization.
The happy blog of the criminal group, which previously leaked victim data and blackmailed the company, is no longer available.
Earlier this week, reports emerged that the organization is no longer online because its Tor website is no longer available.
When the alleged leader of the organization posted on the forum that his server had been hacked, people speculated that it could be hacked. But it was not clear who was responsible at the time.
Reuters quoted sources as saying that government actions against ransomware hackers (including REvil) are still ongoing.
The US is slowly moving against groups linked to ransomware attacks because these attacks have become too costly for businesses (the company reportedly paid $40 million in ransom to get back on track).
The Treasury Department has imposed sanctions that make it difficult to monetize pirated copies. The Department of Justice has set up a team to investigate crimes committed by cryptocurrency exchanges, and it has repeatedly referred to the impact of ransomware in its advertisements.
Hacked REvil Ransomware Attack Toolkit
Due to the high impact or coercive nature of the attacks in question, REvil has caught the attention of late. The attack is blamed on Apple's suppliers and leaked MacBook Pro circuit diagrams. There have also been attacks on JBS, Kaseya, Travelex and Acer.
After REvil invaded US software management company Kaseya in July, the US government was quick to impose a blockade on REvil.
After the Kaseya attack, the FBI received a global decryption key that allows anyone infected with Kaseya to recover their files without paying a ransom.
However, the FBI later admitted that law enforcement initially held the keys for several weeks during the trial of the REvil members.
Law enforcement and cyber intelligence experts can hack REvil's IT network infrastructure and take control of some of its servers.
In July, after closing the website on which the group was operating, the group's main spokesperson gave himself an unknown name and disappeared from the Internet.
In terms of reported payments, the organization has been ranked as one of the largest ransomware attack organizations by the US Treasury's Financial Crimes Enforcement Network.
REvil has already closed its doors and its website disappeared from the dark web in July. It was a month after the FBI announced that the organization was responsible for the GPS attack. It is a company responsible for one fifth of the world's meat supply.
When gang members retrieved these pages from backups last month, they inadvertently restarted some internal systems that were controlled by law enforcement agencies.
Assuming it wasn't hacked, REvil restored the infrastructure from a backup. Ironically, the gang's preferred storage strategy isn't right for them.
A reliable backup is one of the most important defenses against ransomware attacks. However, it still should not be connected to the main network.