The New York Times is reporting that the Russia-based REvil hacking group, which is widely believed to be responsible for several recent high-profile ransomware attacks in the United States and abroad, abruptly went off-line at approximately 1:00 a.m. on Tuesday. Specifically, REvil’s “happy blog,” which listed its hacking victims, disappeared from the dark web in the early hours of July 13—just a few days after President Biden demanded that Russian President Vladimir Putin bring REvil’s cyberattacks to an end.
While no one knows whether REvil’s disappearance from the dark web will be permanent, this is welcome news to cybersecurity professionals. However, the abrupt disappearance leaves some companies in a bind: those still attempting to regain access to data that REvil had locked up seemingly have no way to decrypt it without REvil providing the key.
Nixon Peabody’s Cybersecurity and Privacy team will continue to monitor this developing story.