The dark web sites operated by the notorious REvil ransomware group suddenly went offline on Tuesday, prompting speculation that the US or Russian governments stepped in. Meanwhile, victims and the security companies working on their behalf to recover data have been left in a more difficult situation.
"Victims have been left without the ability to recover the decryption software necessary to restore encrypted networks, our clients being among them," Mike Fowler, vice president of intelligence services at GroupSense, a company that provides ransom negotiation services, tells CSO. "It is our hope that the organization responsible for the takedowns was able to gather the necessary software needed to provide the decryption keys when supplied with the victim-specific encryption keys. If not, we consider it computationally infeasible that the victims will be able to recover their data via other means."