The US authorities have clearly decided to go all in on the fight against ransomware. According to Reuters, the FBI has worked with Cyber Command, the Secret Service and law enforcement agencies in other countries to hack into the servers of the notorious REvil ransomware group and take them offline. The operation began this week and is reportedly still ongoing. According to analysis by Recorded Future, the hacker "0_neday", one of REvil's operators, had posted an alert on a hacker forum last weekend: "The servers are compromised and they are chasing me. Good luck to everyone," he wrote.

The REvil group vanished from circulation in early July and reappeared in early September. Its main spokesperson, a certain "Unknown", however, never resurfaced. The technical infrastructure was reportedly brought back up by 0_neday and other gang members using backups. But those backups had in fact already been compromised by law enforcement. According to Reuters, the sabotage was carried out "by a foreign partner of the US government". "Ironically, the gang's favorite tactic of compromising the backups backfired," Oleg Skulkin, deputy director of forensics at Group-IB, told Reuters.

If the operation succeeded, it is in large part thanks to the participation of the military's Cyber Command. "Before, you couldn't hack these forums, and the military didn't want anything to do with it. But now the gloves are off," John Carlin of the US Department of Justice told Reuters last June. Indeed, since the Colonial Pipeline hack and the resulting shutdown of its pipelines, ransomware cases can now be treated as a matter of national security, which makes it possible to mobilize far more resources.

In other words, the United States is engaged in an all-out war on ransomware, with the goal of dismantling the groups' infrastructure, arresting the actors and naming the countries that harbor them. And it is well known that most ransomware groups operate from within Russia's sphere of influence.

Source: Reuters