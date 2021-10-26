The REvil group, known for hacking many companies and demanding ransoms, has just been put out of action. Its servers were infiltrated by authorities in a joint operation involving the FBI, US Cyber Command, the US Secret Service and partner countries.

An operation bringing together police forces from several countries has just taken down the servers of one of the most notorious ransomware groups. REvil, a Russian hacking group, fell victim to one of its own techniques when authorities infiltrated its servers and its backups.

REvil appeared in 2019 and has a string of major hacks to its name. The group operates its own ransomware (also known as Sodinokibi) and was linked to DarkSide, the group behind the attack on Colonial Pipeline in May. REvil attacked Acer in March and demanded $50 million. The group also attacked Apple through the servers of a subcontractor and threatened to disclose confidential documents about upcoming products.

The criminals' backups compromised

One of the most significant attacks took place in July, when the hackers compromised the software vendor Kaseya, and many of Kaseya's customers were hit in turn. It was at this point that the authorities managed to infiltrate REvil's servers and obtain a universal decryption key. They also turned one of the gang's favourite techniques against it: infiltrating its backups.

The criminals then went dark for a time, before the authorities could intervene. Last month the group resumed operations by restoring the already compromised backups, which gave the police access and allowed them to shut the servers down. The outcome is not definitive: as long as REvil's members have not all been arrested, the group could return. But it would have to start again from scratch.