July 13, 2021

Days After a Threat From Biden, a Major Ransomware Group Goes Dark

The US recently suggested it would step up undercover attacks on Russian cyber criminals.

Hollandse-Hoogte/Zuma

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

A prolific ransomware group that was behind some of the year’s most prominent online attacks has gone dark—at least for now.

Websites used by REvil, whose software is thought to have been used to target meatpacker JBS in late May, and, more recently, software company Kaseya, were unaccessible on Tuesday, according to multiple information security researchers.

Given that President Joe Biden warned Russian President Vladimir Putin in a phone call just last week that the US might take action against ransomware groups operating from Russia if the Russian government didn’t, speculation quickly turned to some sort of American plot. Shortly after the presidents’ conversation, a Biden administration official told reporters that such actions were imminent, warning, according to the New York Times, that while some aspects of the response would “be manifest and visible…some of them may not be. But we expect that those take place in the days and weeks ahead.” 

REvil has long been thought to be run out of Russia, targeting a range of large, small, prominent, and obscure entities. The outfit provides ransomware software to affiliates, splitting any eventual payout. In the JBS case, they reportedly netted $11 million. The attack on Kaseya, which emerged as the US headed into the July 4 weekend, affected thousands of companies in 17 countries that use its IT infrastructure services.

Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, told Bloomberg that the group’s extortion page—where companies’ data was posted as proof—was unavailable on Tuesday, as were the group’s payment portals and chat functions.

Brett Callow, a ransomware expert with cybersecurity firm Emsisoft, told Mother Jones Tuesday morning that, despite the administration’s threats, it was “far too early to read anything into this,” explaining that site has a history of outages. “This could be a temporary outage due to infrastructure upgrades or a disruption by law enforcement or REvil pulling the plug to sail off into the sunset,” Callow cautioned. Other researchers echoed the sentiment.

The FBI and US Cyber Command declined requests for comment.

WE CAME UP SHORT.

We just wrapped up a shorter-than-normal, urgent-as-ever fundraising drive and we came up about $45,000 short of our $300,000 goal.

That means we're going to have upwards of $350,000, maybe more, to raise in online donations between now and June 30, when our fiscal year ends and we have to get to break-even. And even though there's zero cushion to miss the mark, we won't be all that in your face about our fundraising again until June.

So we urgently need this specific ask, what you're reading right now, to start bringing in more donations than it ever has. The reality, for these next few months and next few years, is that we have to start finding ways to grow our online supporter base in a big way—and we're optimistic we can keep making real headway by being real with you about this.

Because the bottom line: Corporations and powerful people with deep pockets will never sustain the type of journalism Mother Jones exists to do. The only investors who won’t let independent, investigative journalism down are the people who actually care about its future—you.

And we hope you might consider pitching in before moving on to whatever it is you're about to do next. We really need to see if we'll be able to raise more with this real estate on a daily basis than we have been, so we're hoping to see a promising start.

payment methods

WE CAME UP SHORT.

We just wrapped up a shorter-than-normal, urgent-as-ever fundraising drive and we came up about $45,000 short of our $300,000 goal.

That means we're going to have upwards of $350,000, maybe more, to raise in online donations between now and June 30, when our fiscal year ends and we have to get to break-even. And even though there's zero cushion to miss the mark, we won't be all that in your face about our fundraising again until June.

So we urgently need this specific ask, what you're reading right now, to start bringing in more donations than it ever has. The reality, for these next few months and next few years, is that we have to start finding ways to grow our online supporter base in a big way—and we're optimistic we can keep making real headway by being real with you about this.

Because the bottom line: Corporations and powerful people with deep pockets will never sustain the type of journalism Mother Jones exists to do. The only investors who won’t let independent, investigative journalism down are the people who actually care about its future—you.

And we hope you might consider pitching in before moving on to whatever it is you're about to do next. We really need to see if we'll be able to raise more with this real estate on a daily basis than we have been, so we're hoping to see a promising start.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate