Ransomware group involved in the Colonial Pipeline attack hacked by the FBI
REvil, a Russian ransomware group, has been hacked by the FBI. This operation was the result of a collaboration between the FBI, the Secret Service, and allied countries. Cyber experts working with the law enforcement agency also managed to take down "Happy Blog", a website that the group was using to blackmail companies.
The Russian-led hacking group has been involved in high-profile ransomware incidents, including the attack on the Colonial Pipeline that resulted in severe gas shortages on the US East Coast. While law enforcement agencies had been on the heels of REvil for quite a while, efforts were accelerated after the attack on Kaseya, a US software management firm. What made the infiltration of Kaseya notable was that hundreds of partner companies were also compromised. The FBI later managed to obtain decryption keys, which the agency used to decrypt the victims' files.
During the hack of REvil, the ransomware group’s backups were also compromised. According to Oleg Sulkin, an expert at the security company Group-IB, “The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised. Ironically, the gang's own favorite tactic of compromising the backups was turned against them.”
The operation isn’t the only cybersecurity effort that the US government is involved in. Speaking to Reuters, a spokesperson for the White House National Security Council remarked, “Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernize our defenses, and building an international coalition to hold countries who harbor ransom actors accountable.”