The events around cybercriminals who sabotaged American companies and economic sectors from the territory of Russia, including even the healthcare sector, are rapidly developing. After the ultimatum that Biden put forward to Putin in a telephone conversation, the sites of one of the most active groups of ransomware hackers, REvil (Ransomware evil), disappeared from the Web. Now the American media are wondering what it was.
The situation is analyzed by the leading American publication The New York Times, which notes that just days after President Biden demanded that President Putin neutralize the ransomware groups attacking American targets, the most aggressive of the groups suddenly shut down early Tuesday morning.
The mystery, according to journalists, is who exactly did it.
The group, dubbed REvil (short for "Ransomware Evil"), was identified by US intelligence agencies as being responsible for the attack on one of America's largest beef producers, JBS. Two weeks after Mr Biden and Mr Putin met in Geneva last month, REvil claimed responsibility for an attack that affected thousands of businesses around the world on July 4, US Independence Day.
This attack prompted Biden to put forward an ultimatum in a telephone conversation with the Russian president on Friday; he later expressed the hope that the Russian side would take action. Otherwise, Biden said, American specialists would shut down the servers of the criminal group.
Perhaps this is what happened, the newspaper writes.
But this is only one possible explanation for what happened at about 1 am Moscow time on Tuesday, when the group's sites suddenly disappeared from the network, including the publicly available "happy blog" that the hackers ran and that listed the names of some of their victims, as well as the amount of proceeds from digital extortion. The payment infrastructure has also disappeared.
The publication lists three main versions of why the ransomware group REvil, which received, among other things, $11 million from JBS, suddenly disappeared from the Network.
By the way, this is exactly what another Russian cyber group, DarkSide, did earlier after an attack on the servers of the American oil company Colonial Pipeline, which in May had to close a pipeline that supplies gas and jet fuel to most of the East Coast after its computer network was hacked.
Many experts, however, believe that DarkSide's exit from the business was nothing more than a "theatrical production" and that all of the ransomware group's key talents would gather under a different name. If so, then the same could happen with REvil, which experts estimate is responsible for about a quarter of all sophisticated ransomware attacks on Western targets.
In addition, the publication notes that shutting down REvil could give extortionists an opportunity to get away with their winnings, while their victims - American companies and cities - may never get their encryption keys back and their data will be blocked, possibly forever. After all, often when ransomware groups break up, they publish keys to unlock the data, and this did not happen on Tuesday.
In addition, few experts doubt that the same activity will soon resume under some new brand.