Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline

Isn’t it ironic? (Don’t you think?)

Graham Cluley

What’s the definition of “ironic”?

You could ask Alanis Morissette, who’ll just tell you something about too many spoons, or rain, or your wedding day… or you could hear a notorious cybercrime group moaning about the action being taken against a fellow ransomware gang.

Last week Reuters reported that law enforcement agencies in various countries, including the FBI, had managed to disrupt the activities of the REvil ransomware gang (sometimes known as Sodinokibi).

REvil, you will recall, is the ransomware-as-a-service (RaaS) enterprise that rents out its expertise and infrastructure to other criminals – giving even those without technical ability a means to profit from ransomware. Victims of REvil ransomware attacks have included customers of Kaseya, meat supplier JBS, and a Swedish supermarket chain.

That’s enough to warrant some serious attention from the powers-that-be, and as Reuters reported last week, sources claim that “law enforcement and intelligence cyber specialists were able to hack REvil’s computer network infrastructure, obtaining control of at least some of their servers.”

As a result, the REvil group’s so-called “Happy Blog”, where it usually published its litany of corporate victims and shared hacked data, is no longer operational.

Happy blog

Ironically, according to the report, the REvil gang made a schoolboy error when trying to recover their systems:

When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement.

“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”

These developments have not gone unnoticed by at least one other cybercrime gang engaged in ransomware attacks. For instance, Brian Krebs reports that a member of the Conti ransomware group ranted on a Russian-language hacking forum that the action against REvil was a “unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs.”

He went on:

“Is there a law, even an American one, even a local one in any county of any of the 50 states, that legitimizes such indiscriminate offensive action?

Is server hacking suddenly legal in the United States or in any of the US jurisdictions? Suppose there is such an outrageous law that allows you to hack servers in a foreign country. How legal is this from the point of view of the country whose servers were attacked? Infrastructure is not flying there in space or floating in neutral waters. It is a part of someone’s sovereignty.”

A cybercriminal who hacks into corporations for a living, complaining that criminal hackers have been hacked themselves.

Yup, that’s pretty ironic.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline”

  1. Jim Goltz

    That's what we call "lawful evil" alignment in D&D. Yes, they're criminals, but there are *rules*, damn it!

  2. Alfonso

    And that is how they stole the USA 2020 election >>>>by hacking.

    1. Daniel Dacey · in reply to Alfonso

      And the evidence is? Go on, I'll wait.
