In a global effort, the FBI and others crushed REvil, one of the most dangerous and notorious hacking gangs. REvil is responsible for the attacks on the Colonial Pipeline, JBS Meats, and Kaseya IT Technology. A few days ago, it was discovered that the gang’s leak site, “Happy Blog,” had suddenly gone offline. We don’t know why, but there was concern as to what had happened. It could have been because the group’s former leader pulled an inside job, or it could have been that law enforcement had successfully hacked and completely dismantled the group. Because law enforcement was able to pull encryption keys from the Kaseya attack, it is very possible the FBI and other countries had something to do with bringing down REvil.
FBI And Others Crush REvil
One theory is that the gang rebranded. This is very common with hackers. Still, whoever relaunched REvil brought over the same technology. Keep in mind, this infrastructure was already being targeted by law enforcement around the world, and shutting it down and restarting it on the same systems was not the smartest thing to do. Not only that, law enforcement used the same tactic the hackers use: compromised backups.
REvil has been one of the most notorious ransomware gangs in recent years. The group first appeared in 2019, and over the last year, it racked up a laundry list of victims. The first was a celebrity law firm that represented Lady Gaga, U2, and Madonna. The firm refused to pay the $21 million ransom, so REvil published some of Lady Gaga’s documents. Next up was contract manufacturer Quanta Computer. REvil stole confidential data from the company and published details of two Apple products.
How They Did It
In September, a report by The Washington Post revealed that the FBI had hacked REvil’s servers and obtained a universal decryption key but didn’t tell victims for three weeks. At the time, FBI Director Christopher Wray testified before Congress that the delay was strategic. “We make the decisions as a group, not unilaterally,” he said. “These are complex… decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world.”
Withholding the key appears to have paid off. The FBI and its collaborators were able to burrow deep enough into REvil’s operations that law enforcement’s software remained hidden in backups that were recently used by gang member “0_neday” to restore operations. When he spun things up again, he unknowingly granted law enforcement access to some of the systems, Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB, told Reuters.
“Ironically, the gang’s own favorite tactic of compromising the backups was turned against them,” Skulkin said.
Things Have Changed
Since ransomware attacks have come to be treated as terrorist attacks, the government, which never wanted anything to do with them, is now heavily involved. The Justice Department, along with the Pentagon and US intelligence agencies, is also involved. Let’s hope we can put ransomware away forever.