Not likely. At least, not for the group behind the ransomware anyway. The timing of REvil’s disappearance has caused quite a stir and plenty of speculation as to why the group has gone dark. Theories abound, including an FBI takedown, an exit scam, or even cooperation from Russian authorities after U.S. President Joe Biden had multiple talks with Russian President Vladimir Putin over ransomware. Bleeping Computer’s Lawrence Abrams reached out to the FBI over the circumstances of the websites shutting down, though the agency declined to comment, potentially fueling the FBI theory further. However, for now, that’s all that these possibilities are. Just theories.
The one thing we do currently know is that these ransom groups tend to stick around, potentially forming new groups or releasing “new” ransomware under a different name to avoid immediate connection. In early 2019, the authors behind the GandCrab “ransomware-as-a-service” (RaaS) announced their retirement. Security researchers later discovered links between the GandCrab and REvil families, proving that the group did not actually retire as claimed. Unfortunately, even if the group does disappear, many others would gladly step in to fill the void and snatch up the newly stranded customer base. REvil has many “affiliates” who break into networks and use the ransomware to extort their victims. Even if REvil ransomware is not available to them, they can simply switch to another RaaS offering and carry on with their crimes.