
FBI Uses REvil's Own Tactic Against the Russian-Linked Hacking Group | Experts Say Ransomware Actors' Strategy “Dumb”

The FBI (Federal Bureau of Investigation) used REvil’s own tactic to shut down the hacking group’s leak site. This is a major turnaround, since the ransomware group is one of the most notorious online criminal operations in the world.


The first sign was the hackers’ official leak website going offline. That outage triggered a wave of speculation about how the malicious actors’ page had been taken down.

One theory held that a former member had turned against the group. Other experts argued that law enforcement had successfully breached the website.

Reuters, however, reported that the FBI, together with Cyber Command, the Secret Service and other security agencies, took down the Russian-linked hackers by turning the group’s own favorite technique against it: compromising the target’s backups, so that a restore brings up systems the attacker already controls.

FBI Using REvil’s Technique

According to ArsTechnica’s latest report, the U.S. Justice Department received assistance from U.S. intelligence agencies and the Pentagon because REvil is treated as a national security threat on a level comparable to terrorism.



The FBI found a way into the malicious actors’ systems. In the process, the involved investigators obtained a universal decryption key from the hackers’ own infrastructure.

The U.S. security agency said it kept this quiet so that REvil would not learn what had been acquired. As a result of these efforts, REvil is now out of the picture.

Because the group’s signature strategy was used against it, Allan Liska, one of the ransomware experts involved, called REvil’s decision to bring its old infrastructure back online “dumb.”

Thanks to the efforts of the FBI and the cybersecurity firms involved, REvil is now winding down its ransomware activities. In other news, another ransomware group linked to the Colonial Pipeline hackers has appeared.

A REvil Member Also At Fault? 

0_neday, one of the REvil members, said that the group’s official leak website had been breached by an unknown party. The FBI believes he was also one of the operators who restored internal systems that were already under law enforcement control.

That restore is what allowed the Federal Bureau of Investigation to spot the group and take down the international hacking operation.


This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2021 All rights reserved. Do not reproduce without permission.
