Russian hacking group believed to be behind Kaseya attack goes offline

Websites on the dark web used by a criminal hacking group believed to be behind the recent massive ransomware attack on software company Kaseya went offline Tuesday.

The hacking group, REvil, is believed to be based in Russia, and has been linked by the FBI to the ransomware attack in May on JBS USA, the nation’s largest beef producer. The more recent attack on Kaseya impacted up to 1,500 companies, many of them small businesses.

According to The New York Times, the websites on the dark web used by REvil to negotiate payment with victims and lists of companies it had targeted went dark early on Tuesday morning.

John Hultquist, the vice president of Analysis at cybersecurity group FireEye’s Mandiant Threat Intelligence, confirmed the takedown, saying in a statement provided to The Hill Tuesday that “at the time of analysis all known websites associated with the REvil ransomware RaaS are offline or non-responsive.”

It is unclear what caused the hacking group to go dark. The developments come less than a week after President Biden called Russian President Vladimir Putin and strongly urged him to take further action against ransomware groups based in Russia.