Metacurity

FBI, Cyber Command, Secret Service and Allies Hacked and Forced Ransomware Group REvil Offline

Fin7 created a fake website to recruit hackers, Evil Corp demands up to $40M in Macaw ransomware attacks, Trump's Truth Social taken down in hours, FTC details the breadth of ISP data collection, more

Cynthia Brumfield
Oct 22, 2021

The ransomware group REvil was hacked and forced offline this week by the “FBI, in conjunction with Cyber Command, the Secret Service, and like-minded countries,” according to Tom Kellermann, VMware head of cybersecurity and an adviser to the U.S. Secret Service on cybercrime investigations.

REvil’s website was shuttered following its July ransomware attack on software company Kaseya. The group’s site had come back online last month, but a leadership figure known as "0_neday," who had helped restart the group's operations, had said an unnamed party had hacked REvil's servers. When 0_neday and others restored those websites from a backup, they unknowingly restarted some internal systems already controlled by law enforcement, turning the gang’s favorite tactic of compromising backups against them.

One source said that a foreign partner of the U.S. government carried out the hacking operation that penetrated REvil's computer architecture. A former U.S. official says the operation against RE…

© 2023 DCT Associates