Is Russia finally clamping down on ransomware gangs?

REvil’s dark web data-leak site and ransom-negotiating portals go offline, stirring speculation about what might have happened.

Ransomware attacks have increased in recent years as gangs use more sophisticated technology to avoid detection.
Getty Images


A criminal syndicate behind devastating ransomware cyberattacks in the US has gone offline, leaving experts to wonder what might have happened.

It is not clear whether law enforcement agencies are behind the outage of the gang, which is believed to be based in Russia.

REvil's dark web data-leak site and ransom-negotiating portals were both unreachable, cybersecurity researchers said on Tuesday.


The group was responsible for the Memorial Day ransomware attack on the meat processor JBS and for this month's supply-chain attack on the software company Kaseya, which crippled well over 1,000 businesses globally.


President Joe Biden told Russian President Vladimir Putin on a call on Friday that he needed to rein in attacks from Russia-based groups and warned that the US had the right to defend its people and critical infrastructure from attacks.


Laying low or switching methods?

But there were no immediate or public signs that the government had anything to do with REvil appearing offline.

It was also possible that the group was lying low after the attack, or switching methods “as we did expose them,” said threat researcher Ryan Sherstobitoff of SecurityScorecard.

“It could be that the server hardware failed, or that it was intentionally taken down, or that someone attacked their host,” said Sean Gallagher, a threat researcher at the cybersecurity firm Sophos.


He noted that REvil’s public ransom-negotiating site was also down last week.

Spokespeople for the White House and US Cyber Command, the Pentagon's cyber arm, declined to comment on Tuesday.


“We have seen no indicators of either a voluntary shutdown or of any offensive steps from law enforcement,” said Alex Holden, founder and chief information security officer of Hold Security.

“Right now, perhaps, it is too early to speculate, especially as REvil was building up their strength over the recent months.”

“There is always a glimmer of hope that Russia is finally doing something right,” he added.
