Unhappy customers and their own tricks used against them, REvil ransomware gang reportedly pulled offline by 'multi-country' operations • The Register Forums

Friday 22nd October 2021 11:18 GMT Pascal Monett

REvil's downfall

If I'm not mistaken, it's only the servers and command structure that went down.

There haven't been any arrests.

So these people are free to set up a new command structure. I'm sure they have backups. They'll be back online shortly.

I applaud the takedown obviously, but until those scum are in jail, they'll be back.

23 0 Reply

Friday 22nd October 2021 12:51 GMT Version 1.0

Re: REvil's downfall

I'm guessing that law enforcement sent REvil a malware infection to take control of their systems, but I would bet that REvil have backups so let's watch out for the future, will a new gang called livER appear sending out app to run on systems to "prevent" infections called "Ma Lawer" ....

0 0 Reply
Friday 22nd October 2021 13:10 GMT General Purpose

Re: REvil's downfall

>They'll be back online shortly.

But how will they prove they're genuine?

0 0 Reply
1. Friday 22nd October 2021 19:33 GMT DS999
  
  I'm Spartacus and so's my wife!
  
  I suppose if someone has been publicized as having a ransomware attack they might get third parties claiming the ransom should be paid to them, but unless they kept backups of their victim list the real ones might not know who to contact. Or for that matter have a working decryption key to provide!
  
  0 0 Reply
2. Friday 22nd October 2021 19:36 GMT Anonymous Coward
  
  Re: REvil's downfall
  
  They'll do it by repeating the last good one, which got into Solarwinds, and this time they'll delete and trash everything instead of simply extracting the data.. And its going to suck like we've never seen.
  
  0 0 Reply
Friday 22nd October 2021 14:28 GMT Snake

Re: REvil's downfall

It would be reasonable to believe that they admin'ed their servers through an onion-routed interface, at least if they had a drop of intelligence they would have. This makes finding the humans behind the tech a lot harder, maybe if we give them more time to dive into the systems they penetrated we can hope for arrests in the future.

2 0 Reply
1. Monday 1st November 2021 13:48 GMT Alan Brown
  
  Re: REvil's downfall
  
  "This makes finding the humans behind the tech a lot harder"
  
  Harder, but not impossible. In some ways onion routing can make it easier to find your bad guys
  
  0 0 Reply
This post has been deleted by its author

Friday 22nd October 2021 11:42 GMT Anonymous Coward

fight fire with fire

I enjoy greatly how the law-enforcement agencies have taken to using conspiracy theories to undermine criminals 'creds'. It's quite hilarious to see gangs being frustrated by their customers' distrust towards gangs' legitimacy after 'resurrection', PLUS those, totally anonymous, unhappy reviews. Ironically, as with any conspiracy theories, it's impossible to separate facts from fiction (ever!) and refute the theories, and I'm pretty sure law-enforcement agencies had a finger in sowing this mistrust.

19 0 Reply

Friday 22nd October 2021 13:50 GMT Sixtiesplastictrektableware

Re: fight fire with fire

Agree. Looks like the same old 'infiltrate the intruders' approach, though. Time honoured 'cause it always works.

Well, it works after some trial and error. The formation of CSIS in Canadaland comes to mind.

People taking it upon themselves to commit crimes for profit would appear to be quick to incite in the right/wrong company. Those that are bad at it, anyways.

0 0 Reply

Friday 22nd October 2021 13:45 GMT blue dragon

OR...

They abandoned everything and are in the planning phase to leverage the gigabyte master key theft. Just when we thought things were bad, in the words of the great scientist Sam Beckett; "Oh Boy"

4 0 Reply

Friday 22nd October 2021 14:07 GMT Clausewitz 4.0

Rhetoric

It is all about rhetoric. They ramper their cyber capabilities while trying to take down the opponent's cyber capabilities.

Luckily we have better brains and commanders around here. And encrypted backups.

0 3 Reply

Monday 1st November 2021 13:51 GMT Alan Brown

Re: Rhetoric

"Luckily we have better brains and commanders around here. And encrypted backups."

Except we don't. Most of the time we barely have backups at all until 15 minutes after a need for them is proven and seagull manglement have had their shit blow up spectacularly in their own faces

1 0 Reply

Friday 22nd October 2021 14:17 GMT Blackjack

They meet on Zoom?

That Zoom? The one that's not private or safe?

That's kind of funny.

3 0 Reply

Friday 22nd October 2021 14:26 GMT Clausewitz 4.0

We shall suppose quasi-normal talks are held there. Important discussions are done always behind closed-doors, in-person. With "bluetooth" disabled.

0 1 Reply
Saturday 23rd October 2021 19:53 GMT John Brown (no body)

Was it really Zoom or is Zoom just being used as a generic term for a video conference?

Has Zoom been Hoovered? Or iPadded? (Yes, I've heard people refer to generic Android tablets as an "iPad", or generic mobile phones as an "iPhone")

4 0 Reply

Friday 22nd October 2021 14:19 GMT Patched Out

Just deserts.

It would be really great if the law enforcement team that managed to infiltrate their infrastructure also managed to encrypt all of their backups prior to shutting them down. Now THAT would be justice.

9 0 Reply

Friday 22nd October 2021 14:25 GMT Snake

"Notably without Russia"

Big surprise. I was going to ask about Russia's involvement, expecting a "null" on that.

2 0 Reply

Friday 22nd October 2021 14:32 GMT Clausewitz 4.0

Re: "Notably without Russia"

Notably, Russia was not called by the other belligerent parties. Russia alleges they sent over 40 requisitions of cyber-threats detected, but all unanswered from USA. Do you see the trap? No cooperation to disrupt operations from A, but they need to disrupt operations from B.

1 4 Reply
1. Friday 22nd October 2021 14:39 GMT WolfFan
  
  Re: "Notably without Russia"
  
  No one believes what Russia alleges, in the unlikely event that there’s some truth to even one of those allegations, no one cares.
  
  10 1 Reply
  1. Friday 22nd October 2021 14:53 GMT Clausewitz 4.0
    
    Re: "Notably without Russia"
    
    You usually do not need to believe in anyone. But you should believe in serious folks with physical material and already demonstrated capabilities.
    
    1 6 Reply

Friday 22nd October 2021 15:30 GMT TrevorH

After Kaseya it appears that REvil got out of the ransomware business. If the recent attacks on VoIP infrastructure are to be believed they've moved into plain extortion instead - "Send us 10 BTC or we will DDoS your business to death".

0 0 Reply

Friday 22nd October 2021 21:50 GMT Anonymous Coward

Nice but

As anyone who has played can tell you, you can never win at Whack-a-Mole.

The little victories are satisfying but until Russia gets irritated enough to jail or extradite the perps they will just keep popping back up.

3 0 Reply

Monday 1st November 2021 13:54 GMT Alan Brown

Re: Nice but

Yup.

Most of this shit got kicked out of Ukraine some years back after tracebacks were demonstrated to the government and a simple ultimatum given of "stop this shit happening or you lose connectivity to the Tier 1 carriers"

It's been similar in most countries where the gangs hang out. Russia is the big holdout because mafia management

0 0 Reply

Saturday 23rd October 2021 17:17 GMT Bitsminer

means and ways

Reading the official Joint Statement of the 30 countries, there are some interesting quotes:

...uneven global implementation of the standards of the Financial Action Task Force (FATF) to virtual assets and virtual asset service providers (VASPs) creates an environment permissive to jurisdictional arbitrage by malicious actors...

"Arbitrage" is an interesting word. Used by multi-national traders to make money on the differences between stock markets, commodity markets, and currency markets. Used by tax lawyers to make money reducing the taxes for corporate clients (hello Ireland, hello North Dakota), And used by national governments to influence their friends and rivals for access to markets, commodities, taxes and now virtual currencies.

We will consider all national tools available in taking action against those responsible for ransomware operations threatening critical infrastructure and public safety.

Since "all national tools" includes intelligence, enforcement, diplomacy, and armed forces (not necessarily in that order), the statement essentially draws a line in the sand beyond which any and all "tools" will be used against the malefactors. Naming the issues: "critical infrastructure" and "safety" defines the line. However, may I point out that my "critical infrastructure" (hello Starbucks) is not the same as your "critical infrastructure" (hello food supply chain).

We will leverage diplomacy through coordination of action in response to states whenever they do not address the activities of cybercriminals.

A bit of bureaucratic phrasing, but it means "if you don't go after your cybercriminals, we will go after you". With multi-national coordinated action. See above.

I'm looking forward to hearing about how REvil was taken down.

2 0 Reply

Saturday 23rd October 2021 19:58 GMT John Brown (no body)

Re: means and ways

"I'm looking forward to hearing about how REvil was taken down."

Possibly in a future Who, Me? or On Call episode? Or maybe someone pissed off the BOFH.

2 0 Reply
Sunday 24th October 2021 04:08 GMT katrinab

Re: means and ways

Starbucks sells food, which is pretty important if you want to stay alive.

Sure there are other ways, and many people will argue better ways, to get food, but it is still part of the food distribution chain, and therefore critical national infrastructure.

Even if you never go there, other people do, and that means they aren’t going where you go. If they did, your place might not be able to cope.

0 0 Reply
Monday 1st November 2021 13:58 GMT Alan Brown

Re: means and ways

> "if you don't go after your cybercriminals, we will go after you". With multi-national coordinated action. See above.

Making it personal is indeed how you deal with "protected individuals" or gangs

It's not just critical infrastructure. Making it hard for Russia to sell oil or otherwise earn crucial foreign exchange is a fast way of getting extra attention

0 0 Reply

Topics

Special Features

Vendor Voice

Resources

COMMENTS

REvil's downfall

Re: REvil's downfall

Re: REvil's downfall

I'm Spartacus and so's my wife!

Re: REvil's downfall

Re: REvil's downfall

Re: REvil's downfall

fight fire with fire

Re: fight fire with fire

OR...

Rhetoric

Re: Rhetoric

Just deserts.

"Notably without Russia"

Re: "Notably without Russia"

Re: "Notably without Russia"

Re: "Notably without Russia"

Nice but

Re: Nice but

means and ways

Re: means and ways

Re: means and ways

Re: means and ways

POST COMMENT House rules

Enter your comment

Add an icon

Other stories you might like

Your ransomware nightmare just came true – now what?

Ransomware scum disrupted utility services with SimpleHelp attacks

Play ransomware crims exploit SimpleHelp flaw in double-extortion schemes

Scattered Spider has moved from retail to insurance

Crims defeat human intelligence with fake AI installers they poison with ransomware

Ransomware scum leak patient data after disrupting chemo treatments at Kettering

Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare

US infrastructure could crumble under cyberattack, ex-NSA advisor warns

Aussie businesses now have to fess up when they pay off ransomware crims

US medical org pays $50M+ to settle case after crims raided data and threatened to swat cancer patients

Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data

Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

About Us

Our Websites

Your Privacy