Russian Official Unaware REvil Has Vanished: 'I Don't Know Which Groups Disappeared Where'

A Russian official claims he is unaware Russian-linked hacking group REvil vanished online and said "I don't know which groups disappeared where" on Wednesday.

REvil's online presence disappeared Tuesday after hitting software company Kaseya, based in Florida, with a ransomware attack on July 2 that affected more than 1,000 organizations internationally, the Associated Press reported. Following the attack, President Joe Biden told Russian President Vladimir Putin to "take action" against cyber criminals living in Russia last Friday.

Russian spokesman Dmitry Peskov said that Russia considers cybercrimes "unacceptable" actions that would warrant consequences. However, analysts say there is no evidence yet of Putin penalizing cybercrimes, according to the AP.

When asked if there would be consequences if Putin did not respond to cyber criminals, Biden said "yes." The White House declined to comment on whether it was involved in REvil's disappearance.

For more reporting from the Associated Press, see below.

Kremlin Spokesman Dmitry Peskov
Kremlin spokesman Dmitry Peskov said he is unaware Russian-linked hacking group REvil vanished online. In this photo Peskov sits in front of a screen displaying Russian President Vladimir Putin addressing his annual press conference via a video link from the Novo-Ogaryovo state residence, at the World Trade Centre's congress centre in Moscow on December 17, 2020, amid the ongoing coronavirus disease pandemic. Natalia Kolesnikova/AFP via Getty Images

The State Department will offer rewards up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity against critical U.S. infrastructure — including ransomware attacks — and the White House has launched a task force to coordinate efforts to stem the ransomware scourge.

The Biden administration is also launching the website to offer the public resources for countering the threat and building more resilience into networks, a senior administration official told reporters.

Another measure being announced Thursday to combat the ransomware onslaught is from the Financial Crimes Enforcement Network at the Treasury Department. It will engage banks, technology firms and others on better anti-money-laundering efforts for cryptocurrency and more rapid tracing of ransomware proceeds, which are paid in virtual currency.

Officials are hoping to seize more extortion payments in ransomware cases, as the FBI did in recouping most of the $4.4 million ransom paid by Colonial Pipeline in May.

The rewards are being offered under the State Department's Rewards for Justice program. It will offer a tips-reporting mechanism on the dark web to protect sources who might identify cyber attackers and/or their locations, and reward payments may include cryptocurrency, the agency said in a statement.

Ransomware scrambles entire networks of data, which criminals unlock when they get paid.

Cybersecurity experts say REvil may have decided to drop out of sight and rebrand under a new name, as it and several other ransomware gangs have done in the past to try to throw off law enforcement.

Another possibility is that Russian President Vladimir Putin actually heeded President Joe Biden's warning of repercussions if he didn't rein in ransomware criminals, who enjoy safe harbor in Russia and allied states.

That seemed improbable, however, given Kremlin spokesman Dmitry Peskov's statement to reporters Wednesday.

Inside of a Computer
This Feb 23, 2019, file photo shows the inside of a computer in Jersey City, N.J. The Russian hacking group REvil has seemingly disappeared and one official claims to not know the reason behind it. Jenny Kane/AP Photo