After an absence of nearly two months, cyber security researchers have confirmed the reappearance of the Russian-linked ransomware gang REvil. The gang and its dark web servers went offline on July 13. It is presumed that the hasty disappearance came after the gang learned of a possible law enforcement action, issued shortly after pressure from the Biden administration.
REvil became well known at the beginning of the summer through its successful chain-attack on the IT management provider Kaseya. The company reported a breach that impacted 800-1,500 businesses. The gang, also known as Sodinokibi, exploited vulnerabilities in Kaseya’s VSA, which gave it access to a range of Kaseya’s clients. With a ransom demand of $70 million, it was one of the biggest ransomware attacks to date.
Kaseya responded by shutting down its VSA and working closely with the FBI, CISA and other defense parties to help with the incident.