Notebookcheck Logo

Ransomware group involved in the Colonial Pipeline attack hacked by the FBI

Ransomware group REvil taken down by the FBI
Ransomware group REvil taken down by the FBI (Image source: Kaspersky)
REvil, a Russian-led ransomware group that was involved in the Colonial Pipeline attack, has been hacked and its website was taken down by the FBI. The bureau, along with the Secret Service and partner countries, managed to infiltrate the group's infrastructure and compromise its backups. The anti-ransomware operation is part of a larger initiative by the US government to curb cyberattacks on the country's facilities.

REvil, a Russian ransomware group, has been hacked by the FBI. This operation was the result of a collaboration between the FBI, the Secret Service, and allied countries. Cyber experts working with the law enforcement agency also managed to take down "Happy Blog", a website that the group was using to blackmail companies.

The Russian-led hacking group has been involved in high-profile cases of ransomware incidents, including the attack on the Colonial Pipeline that resulted in severe gas shortages in the US East Coast. While law enforcement agencies were on the heels of REvil for quite a while, efforts were accelerated after the attack on Kaseya, a US software management firm. What made the infiltration of Kaseya notable was the fact that hundreds of partner companies were also compromised. The FBI later managed to obtain decryption keys which the agency used to decrypt files of the victims.

During the hack of REvil, the ransomware group’s backups were also compromised. According to Oleg Sulkin, an expert at the security company Group-IB,” The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised. Ironically, the gang's own favorite tactic of compromising the backups was turned against them.”

The operation isn’t the only cybersecurity effort that the US government is involved in. Speaking to Reuters, a spokesperson for the White House National Security Council remarked,” Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernize our defenses, and building an international coalition to hold countries who harbor ransom actors accountable.”

Buy Seagate portable 2TB external hard drive


static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2021 10 > Ransomware group involved in the Colonial Pipeline attack hacked by the FBI
Fawad Murtaza, 2021-10-26 (Update: 2021-10-26)