REvil, the ransomware group that hacked into the U.S. Colonial Pipeline this past May, was itself hacked and shut down by a multinational cyber operation, according to an exclusive report from Reuters.

The ransomware group REvil has been shut down by the government using the same technique that it uses to hack into the servers of private companies.


The group was reportedly hacked using the same technique that brought down the Pipeline.


Officials from the Federal Bureau of Investigation (FBI), together with U.S. Cyber Command, worked with numerous different countries to bring down REvil as well as numerous other cybercrime groups.

In a recent web forum post, one of the leaders of REvil, known only as 0_neday, wrote that “the server was compromised, and they were looking for me.”

“Good luck, everyone; I’m off,” 0_neday continued.

The shutdown by the government used a loophole in the ransomware gang’s backup system, allowing law enforcement agencies to access REvil’s servers and shut them down.

“REvil…restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, an official at the Russian security firm Group-IB. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”

Reuters has described REvil as “one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world.”

The hacking of the Colonial Pipeline by REvil and another ransomware group, DarkSide, led to massive fuel shortages and caused President Joe Biden to declare a state of emergency. The pipeline was only restored after Colonial Pipeline Company sent REvil $4.4 million.

REvil made headlines again in July when it hacked into software management company Kaseya, allowing the group to access the personal information of hundreds of the company’s clients.

The White House National Security Council told Reuters that it was “undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors,” but declined to comment specifically on the REvil operation.
