biden official we dont know exactly why ransomware gang vanished from the web
biden official we dont know exactly why ransomware gang vanished from the web

Biden official: ‘We don’t know exactly why’ ransomware gang vanished from the web

REvil is suspected of targeting a meat supplier and a major information-technology vendor in recent months. The move hit businesses in the United States and beyond by locking them out of their systems while REvil demanded money to stop the attack.

When pressed on whether the administration has taken any action against such cyber criminals in Russia, the senior official would not say.

On REvil specifically, “We have certainly noticed that they’ve stood down their operations. We don’t know exactly why,” the official said. “But we’re still pressing on Russia to take action against the cyber criminals that are operating on its territory. We’re not declaring victory.”

Asked if the Kremlin took down the group or made the group take down its sites, the official said: “It’s possible, I guess. Again, we don’t know exactly why they’ve stood down.” The official spoke on condition of anonymity per ground rules set by the administration.

The United States has not connected REvil’s attacks directly to the Kremlin. But President Joe Biden has warned Russian leader Vladimir Putin that his government needs to act against such criminal organizations and that the United States will move against them if it must.

Biden aides have said battling the growing ransomware threat is a priority for the United States, and they are using a variety of measures to bring unprecedented attention to the menace.

But given the highly classified nature of America’s cyber capabilities, tackling ransomware also is a tough topic for them to discuss. Over the past week, administration officials have tread carefully when asked what led to the REvil online takedown.

Over the weekend, another senior administration official said the United States was tracking publicly available information as it monitored the case.

“At least from looking at the open source information, the REvil’s spokesperson’s account may have been banned from Russian hacking channels,” the official said. “And we continue to see that REvil infrastructure remains down. We think that’s a very positive thing.”