Graham Cluley
Computer security news, advice, and opinion
Isn’t it ironic? (Don’t you think?)
Ransomware gang outraged at "bandit-mugging behavior of the United States" after REvil group pushed offline
What’s the definition of “ironic”?
You could ask Alanis Morissette, who’ll just tell you something about too many spoons, or rain on your wedding day… or you could hear a notorious cybercrime group moaning about the action being taken against a fellow ransomware gang.
Last week Reuters reported that law enforcement agencies in various countries, including the FBI, had managed to disrupt the activities of the REvil ransomware gang (sometimes known as Sodinokibi).
REvil, you will recall, is the ransomware-as-a-service (RaaS) enterprise that rents out its expertise and infrastructure to other criminals – giving even those without technical ability a means to profit from ransomware. Victims of REvil ransomware attacks have included customers of Kaseya, meat supplier JBS, and a Swedish supermarket chain.
That’s enough to warrant some serious attention from the powers-that-be, and as Reuters reported last week, sources claim that “law enforcement and intelligence cyber specialists were able to hack REvil’s computer network infrastructure, obtaining control of at least some of their servers.”
As a result, the REvil group’s so-called “Happy blog”, where it usually published its litany of corporate victims and shared hacked data, is no longer operational.

Ironically, according to the report, the REvil gang made a schoolboy error when trying to recover their systems:
When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement.
“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”
These developments have not gone unnoticed by at least one other cybercrime gang engaged in ransomware attacks. For instance, Brian Krebs reports that a member of the Conti ransomware group ranted on a Russian language hacking forum that the action against REvil was a “unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs.”
He went on:
“Is there a law, even an American one, even a local one in any county of any of the 50 states, that legitimize such indiscriminate offensive action?
Is server hacking suddenly legal in the United States or in any of the US jurisdictions? Suppose there is such an outrageous law that allows you to hack servers in a foreign country. How legal is this from the point of view of the country whose servers were attacked? Infrastructure is not flying there in space or floating in neutral waters. It is a part of someone’s sovereignty.”
A cybercriminal who hacks into corporations for a living, complaining that criminal hackers have been hacked themselves.
Yup, that’s pretty ironic.
Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
That’s what we call “lawful evil” alignment in D&D. Yes, they’re criminals, but there are *rules*, damn it!
And that is how they stole the USA 2020 election >>>>by hacking.
And the evidence is? Go on, I’ll wait.
Copyright © 2001-2021 Cluley Associates Limited. All Rights Reserved.