MAGGIE MILLER – 07/13/21
Websites on the dark web used by a criminal hacking group believed to be behind the recent massive ransomware attack on software company Kaseya went offline Tuesday.
The hacking group, REvil, is believed to be based in Russia, and has been linked by the FBI to the ransomware attack in May on JBS USA, the nation’s largest beef producer. The more recent attack on Kaseya impacted up to 1,500 companies, many of them small businesses.
According to The New York Times, the websites on the dark web used by REvil to negotiate payment with victims and lists of companies it had targeted went dark early on Tuesday morning.
John Hultquist, the vice president of Analysis at cybersecurity group FireEye’s Mandiant Threat Intelligence, confirmed the takedown, saying in a statement provided to The Hill Tuesday that “at the time of analysis all known websites associated with the REvil ransomware RaaS are offline or non-responsive.”
“REvil’s darknet (.onion) and clearnet (decoder.re) websites are offline, and although we have no visibility into exactly how their darknet sites have been taken down, their clearnet site’s domain has simply ceased resolving to an IP address and its dedicated name servers are still online,” Hultquist said.
The White House has so far not commented on the takedown of the websites.
Deputy press secretary Karine Jean-Pierre told reporters aboard Air Force One on Tuesday “I don’t have anything further to share on that,” when asked about the incident.
The Hill has reached out to the FBI for comment, and the Cybersecurity and Infrastructure Security Agency (CISA) declined to comment on the takedowns.