Unhappy customers and their own tricks used against them, REvil ransomware gang reportedly pulled offline by 'multi-country' operations As we noted a few days back, notorious ransomware gang REvil "disappeared" again this week. Recent reports have now shed light on why that may be. The REvil leaks blog, known as Happy Blog, was made inaccessible on October 17, the same day one of its operators announced the group was shutting down due to a hijacking of their …
If I'm not mistaken, it's only the servers and command structure that went down.
There haven't been any arrests.
So these people are free to set up a new command structure. I'm sure they have backups. They'll be back online shortly.
I applaud the takedown obviously, but until those scum are in jail, they'll be back.
I'm guessing that law enforcement sent REvil a malware infection to take control of their systems, but I would bet that REvil have backups so let's watch out for the future, will a new gang called livER appear sending out app to run on systems to "prevent" infections called "Ma Lawer" ....
I suppose if someone has been publicized as having a ransomware attack they might get third parties claiming the ransom should be paid to them, but unless they kept backups of their victim list the real ones might not know who to contact. Or for that matter have a working decryption key to provide!
It would be reasonable to believe that they admin'ed their servers through an onion-routed interface, at least if they had a drop of intelligence they would have. This makes finding the humans behind the tech a lot harder, maybe if we give them more time to dive into the systems they penetrated we can hope for arrests in the future.
This post has been deleted by its author
I enjoy greatly how the law-enforcement agencies have taken to using conspiracy theories to undermine criminals 'creds'. It's quite hilarious to see gangs being frustrated by their customers' distrust towards gangs' legitimacy after 'resurrection', PLUS those, totally anonymous, unhappy reviews. Ironically, as with any conspiracy theories, it's impossible to separate facts from fiction (ever!) and refute the theories, and I'm pretty sure law-enforcement agencies had a finger in sowing this mistrust.
Agree. Looks like the same old 'infiltrate the intruders' approach, though. Time honoured 'cause it always works.
Well, it works after some trial and error. The formation of CSIS in Canadaland comes to mind.
People taking it upon themselves to commit crimes for profit would appear to be quick to incite in the right/wrong company. Those that are bad at it, anyways.
"Luckily we have better brains and commanders around here. And encrypted backups."
Except we don't. Most of the time we barely have backups at all until 15 minutes after a need for them is proven and seagull manglement have had their shit blow up spectacularly in their own faces
Notably, Russia was not called by the other belligerent parties. Russia alleges they sent over 40 requisitions of cyber-threats detected, but all unanswered from USA. Do you see the trap? No cooperation to disrupt operations from A, but they need to disrupt operations from B.
Yup.
Most of this shit got kicked out of Ukraine some years back after tracebacks were demonstrated to the government and a simple ultimatum given of "stop this shit happening or you lose connectivity to the Tier 1 carriers"
It's been similar in most countries where the gangs hang out. Russia is the big holdout because mafia management
Reading the official Joint Statement of the 30 countries, there are some interesting quotes:
...uneven global implementation of the standards of the Financial Action Task Force (FATF) to virtual assets and virtual asset service providers (VASPs) creates an environment permissive to jurisdictional arbitrage by malicious actors...
"Arbitrage" is an interesting word. Used by multi-national traders to make money on the differences between stock markets, commodity markets, and currency markets. Used by tax lawyers to make money reducing the taxes for corporate clients (hello Ireland, hello North Dakota), And used by national governments to influence their friends and rivals for access to markets, commodities, taxes and now virtual currencies.
We will consider all national tools available in taking action against those responsible for ransomware operations threatening critical infrastructure and public safety.
Since "all national tools" includes intelligence, enforcement, diplomacy, and armed forces (not necessarily in that order), the statement essentially draws a line in the sand beyond which any and all "tools" will be used against the malefactors. Naming the issues: "critical infrastructure" and "safety" defines the line. However, may I point out that my "critical infrastructure" (hello Starbucks) is not the same as your "critical infrastructure" (hello food supply chain).
We will leverage diplomacy through coordination of action in response to states whenever they do not address the activities of cybercriminals.
A bit of bureaucratic phrasing, but it means "if you don't go after your cybercriminals, we will go after you". With multi-national coordinated action. See above.
I'm looking forward to hearing about how REvil was taken down.
Starbucks sells food, which is pretty important if you want to stay alive.
Sure there are other ways, and many people will argue better ways, to get food, but it is still part of the food distribution chain, and therefore critical national infrastructure.
Even if you never go there, other people do, and that means they aren’t going where you go. If they did, your place might not be able to cope.
> "if you don't go after your cybercriminals, we will go after you". With multi-national coordinated action. See above.
Making it personal is indeed how you deal with "protected individuals" or gangs
It's not just critical infrastructure. Making it hard for Russia to sell oil or otherwise earn crucial foreign exchange is a fast way of getting extra attention
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
