Cyber security experts told Reuters that law enforcement agencies from several countries were involved in breaking up the REvil ransomware gang. The group announced its breakup last weekend.
Earlier, a suspected member of the group had told security expert Dmitry Smilyanets that someone had taken control of the Tor payment portal and the group’s data breach website. Reuters has now confirmed that law enforcement agencies from the US and other countries as well as a number of cybersecurity experts are behind the actions described on Sunday by the alleged REvil member.
VMware’s head of cybersecurity Tom Kellermann and other sources told Reuters that governments hacked REvil’s infrastructure and took the system offline.
Jake Williams, CTO of BreachQuest, also told Pentest7 that since at least October 17th, closed CTI groups had been discussing the compromise of REvil. “By October 17th at the latest it was known that the members of the core group behind REvil had almost certainly been compromised. By operating the hidden Tor services, someone proved they had the necessary private keys. That was the end of REvil, which was struggling to attract new members after its infrastructure went offline in July following the Kaseya attack,” added Williams.