Dark web sites linked to the REvil ransomware gang were not operating Tuesday morning, authorities have confirmed. It is not clear what led to the websites of the ransomware-as-service group going down Tuesday. Visitors to the sites, which had recently been active, were greeted with messages saying, “A server with the specified hostname could not be found.”
The disappearance of the public-facing sites affiliated with Russia-linked REvil, also known as Sodinokibi, comes on the heels of an international ransomware outbreak on July 2 that the group had taken credit for.
This comes amid growing pressure between the US and Russia over cyber-crime. US President Joe Biden said he raised the issue with Vlamidir Putin during a phone call on Friday last week, after discussing the subject during a summit with the Russian president in Geneva last month.
Mr Biden told reporters that he had “made it very clear to him…we expect them to act” on information and also hinted the US could take direct digital retaliation on servers used for intrusions. The timing of Tuesday’s outage has sparked speculation that either the US or Russian officials may have taken action against REvil.
REvil is one of the most prolific and feared of all ransomware gangs and if this really is the end, it will be extremely significant.