Last week, the servers of ransomware giant REvil vanished.
Many applauded as dark-web (and clear-web) sites used to support the backend infrastructure of REvil, aka Sodinokibi, as well as to leak victims’ data, slipped offline early Tuesday morning.
Not REvil’s victims, though. They’re now stuck, many midway through negotiations, without the decryption key they need to unfreeze their data and their businesses.
As far as REvil’s disappearance went, it wasn’t clear whether it was a bust or whether the threat actors did it on purpose. As it was, the heat was intense: The group’s hit list had recently lengthened with the addition of Kaseya and its many managed service provider (MSP) customers, as well as the global meat supplier JBS Foods, Days before, the US government had rattled its saber at Russia, the group’s home base, with President Biden declaring that if Russia didn’t do something about the ransomware players in its midst, the US would.
Regardless of whether the group decided to lay low for a while or whether its servers went offline for any other of the numerous possible explanations, REvil’s victims weren’t any better off.