laitimes

The United States cracks down on REvil, the largest cyber extortion group, as the confrontation between ransomware groups and government security departments continues to escalate

Recently, a number of U.S. cybersecurity experts confirmed in an interview that one of the world's largest ransomware groups, the REvil group (also known as Sodinokibi), has been the target of a joint enforcement operation by security agencies from multiple countries: some of its servers have been compromised and controlled, and its payment channels and data leak sites have been anonymously hijacked.

REvil, one of the most high-profile ransomware organizations today, exploited a vulnerability in the software of IT service vendor Kaseya to launch a widespread supply chain attack on a hosting service provider in July, causing millions of production devices at thousands of U.S. businesses that had purchased IT hosting services to be encrypted.

After the attack, REvil demanded a sky-high ransom of $70 million, and although the ransom was cut to $50 million shortly after, the attack was still considered the largest ransomware incident to date, and it made REvil famous. According to U.S. security officials, REvil is at the top of their list of threats from ransomware syndicates.

This high-profile style also made REvil a key target for the government, and the United States soon launched countermeasures against it. On July 13, REvil's payment channel and data leak site went down for the first time, but two months later the site returned and new REvil ransomware appeared.

In October this year, in the face of increasingly rampant online extortion, representatives of more than 30 countries, including the United States, France and Germany, promised to carry out joint operations to combat ransomware. REvil being shut down again this time, two months after its resurgence, is regarded as an initial result of that crackdown. Previously, the deputy attorney general of the United States had said that ransomware attacks on "critical infrastructure" should be treated as a national security issue on par with terrorism.

The crackdown also had a deterrent effect on international extortion syndicates. According to blockchain company Elliptic, Darkside, the ransomware group that planned the attack on Colonial, the largest U.S. fuel pipeline operator, and forced the closure of oil supply networks in East Coast states, has transferred its $7 million in bitcoin holdings through small conversions.

Groove, another prominent extortion group, has called for retaliation against the U.S. law enforcement actions. On its leak website, Groove posted a public notice in Russian asking extortion groups to stop fighting each other, unite against the security services' crackdown, and target public facilities in the United States. It is foreseeable that as the threat ransomware groups pose to economic and social security continues to expand, the contest of attack and defense between them and the cybersecurity departments of various countries will continue to escalate.
