Internet monitors have confirmed that websites run by the ransomware group REvil have gone offline. This includes a payment website used to extract ransoms and a blog for posting updates and instructions.
The pages became unreachable on July 13. The seeming disappearance of the group comes after growing pressure from the US on Russia to tighten cybersecurity. This, in turn, is a response to a hack over the 4th of July weekend perpetrated by REvil.
Cybersecurity experts believe REvil is an offshoot of a defunct hacking organization known as GandCrab, because REvil became active soon after GandCrab disappeared and the two groups’ ransomware shares a lot of code.
If that’s the case, REvil or some of its members could resurface as a hacking organization under a new name.
Ransomware-as-a-service, where groups like REvil provide the code and affiliates spread it for a cut of the ransom, is extremely lucrative. For example, a ransom of $70,000,000 in Bitcoin was asked for in the 4th of July weekend hack.
Of course, some of the affected groups are working on decrypting their data without paying the ransom, or are saving themselves through regular backups. With the payment sites going down, however, it’s uncertain what the outcome will be.