Just days after President Biden called President Vladimir V. Putin of Russia and demanded that he act to shut down ransomware groups that are attacking American targets, the largest of them has gone offline. The mystery is who made that happen.
The group, called REvil, short for “Ransomware evil,” is believed responsible for the attack that brought down one of America’s largest beef producers, JBS, and it took credit for a hack that affected thousands of businesses around the world over the July 4 holiday. On Friday, describing his ultimatum to the Russian president, Mr. Biden said “we expect them to act,” and when asked later if he would take down the group’s servers if Mr. Putin did not, the president simply said, “Yes.”
But that is only one possible explanation for what happened around 1 a.m. on Tuesday, when the group’s sites on the dark web abruptly disappeared. Gone was the publicly available “happy blog” that the group maintained, listing its victims, and internet security groups said the custom-made sites where victims negotiate with REvil over how much they will pay to get their data unlocked were also missing.
While their disappearance was celebrated by many who see ransomware as a new scourge, one that Mr. Biden has called a critical national security threat, it left others in the lurch — unable to pay the ransom to get their data back, and their businesses back up and running.
“What is the plan for the victims?” asked Kurtis Minder, the chief executive of Groupsense, a digital risk protection company that was negotiating with the extortionists on behalf of a regional law firm whose data was stolen.
There were three main theories floating around about why REvil, which appeared to revel in the publicity and reaped huge ransoms — including $11 million from JBS — abruptly disappeared.
One is that Mr. Biden ordered the United States Cyber Command, working with domestic law enforcement agencies, including the F.B.I., to bring it down. Cyber Command proved last year that it could do just that, paralyzing a ransomware group that it feared might turn its skills to freezing up voter registrations or other election data in the 2020 election.
The second theory is that Mr. Putin ordered the group taken down by Russia. If so, that would be a gesture toward heeding Mr. Biden’s warning, which he offered, in more general terms, when the two leaders met June 16 in Geneva.
And a third is that REvil decided that the heat was too intense, and took itself down to avoid becoming part of the crossfire between the American and Russian presidents. That is what another Russian-based group, DarkSide, did after the ransomware attack on Colonial Pipeline, the U.S. company that had to shut down the gasoline and jet fuel pipeline running up the East Coast in May.
But many experts think that DarkSide’s going-out-of-business move was digital theater, and that all of the key ransomware talent would reassemble under a different name. If so, the same could happen with REvil.
Only a few months ago, ransomware was considered largely a criminal problem. But after the attack on Colonial Pipeline, Mr. Biden and his advisers began to declare that attacks that threaten critical infrastructure constitute a major national security threat.