July 13 (UPI) — Russian-linked ransomware gang REvil’s site is down days after U.S. President Joe Biden urged Russian President Vladimir Putin to take action.
The dark web sites for the cybercriminal group REvil, also known as Sodinokibi, went offline Tuesday, according to CNBC and Bloomberg.
Biden had urged Putin on Friday to crack down on the ransomware group, which has taken credit for July 2 attacks on multiple software providers, including Florida-based software provider Kaseya. Last month, the FBI identified the same group as also being behind the cyberattack against meatpacker JBS that shuttered U.S. and Australian operations.
JBS said last month it paid the cybercriminal group $11 million in ransom. The company said in a statement the vast majority of the company’s facilities were operational at the time, but the decision was made to “mitigate any unforeseen issues” and “ensure no data was exfiltrated.”
Whether the REvil sites were removed temporarily or law enforcement took the websites offline is not yet known, Allan Liska, a senior threat analyst at cybersecurity firm Recorded Future, said in text message, obtained by Bloomberg.
“It’s too early too tell, but I’ve never seen ALL of their infrastructure offline like this,” Liska said in the text message. “I can’t find any of their infrastructure online. Their extortion page is gone, all of their payment portals are offline, as is their chat function.”
In May, a hacking group, DarkSide, with suspected ties to Russian criminals, according to CNBC, was accused of a ransomware attack on Georgia-based Colonial Pipeline that led to gas shortages across the United States until “normal operations” resumed a few days later.
The restart came after Colonial paid nearly $5 million in ransom, Bloomberg reported.
A few weeks later, the U.S. Department of Justice announced that it had recovered 63.7 bitcoins valued at $2.3 million from DarkSide.
DarkSide’s dark web pages similarly shutdown after pressure from the Biden administration, but it’s unclear if the group actually retired or rebranded under a new name, according to cybersecurity experts, Bloomberg reported.