Within days of the call, REvil shut down. Gone was REvil’s “Happy Blog,” where it posted stolen emails and files from REvil ransomware victims. Gone was its payment platform. Its most notorious members suddenly disappeared from cybercrime forums.
It is unclear whether REvil went offline of its own free will or on the orders of the Kremlin, or whether the Pentagon hackers in Cyber Command had played any role. But it was a loss for Kaseya’s victims, who were still in the process of negotiating to get their data back when their extortionists suddenly disappeared.
Kaseya’s announcement that it had recovered the key was a welcome twist. Oftentimes, when decryption tools are handed out by ransomware groups to victims who have complied with their extortion demands, the tools are slow or ineffective. But in this case, Brett Callow, a threat researcher at Emsisoft, a security company that works with Kaseya, confirmed that the decryptor was “effective.”
Jose Maria Leon Cabrera and Julie Turkewitz contributed reporting.