www.reuters.com
13.32.121.40
Public Scan
URL:
https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10...
Submission: On October 26 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
<form id="adl-user-report-form" novalidate="">
<div style="padding:0; margin: 0 0 0;">
<div style="width:100%;display:none;height: 35px;line-height:35px;font-size:13px;padding:0 12px;color:white;background-color:#FF3860;border-radius:2px;margin-bottom:10px; " id="adl-category-error">Please make a selection.</div>
<label style="display: block;line-height: 0; font-size: 16px; margin: 15px 0 15px;">
<input style="margin:0 8px 0 0;vertical-align: middle;transform: translateY(-0.15em);-webkit-appearance: radio;box-sizing: border-box;" type="radio" name="category" value="Plays Sound" required=""> Plays sound </label>
<label style="display: block;line-height: 0; font-size: 16px; margin: 15px 0 15px;">
<input style="margin:0 8px 0 0;vertical-align: middle;transform: translateY(-0.15em);-webkit-appearance: radio;box-sizing: border-box;" type="radio" name="category" value="Adult Content" required=""> Contains adult content </label>
<label style="display: block;line-height: 0; font-size: 16px; margin: 15px 0 15px;">
<input style="margin:0 8px 0 0;vertical-align: middle;transform: translateY(-0.15em);-webkit-appearance: radio;box-sizing: border-box;" type="radio" name="category" value="Covers the Page" required=""> Covers the page </label>
<label style="display: block;line-height: 0; font-size: 16px; margin: 15px 0 15px;">
<input style="margin:0 8px 0 0;vertical-align: middle;transform: translateY(-0.15em);-webkit-appearance: radio;box-sizing: border-box;" type="radio" name="category" value="Other" required=""> Other </label>
<h2 style="font-size:20px;font-weight:bold;color:rgb(58,58,58);text-align:left;margin:25px 0 15px;">Additional Information</h2>
<div style="width:100%;display:none;height: 35px;line-height:35px;font-size:13px;padding:0 12px;color:white;background-color:#FF3860;border-radius:2px;margin-bottom:10px; " id="adl-text-minlen-error">Please help us by describing the ad.</div>
<div style="width:100%;display:none;height: 35px;line-height:35px;font-size:13px;padding:0 12px;color:white;background-color:#FF3860;border-radius:2px;margin-bottom:10px; " id="adl-text-maxlen-error">Only 500 characters are allowed.</div>
<textarea id="adl-user-feedback" style="box-sizing:border-box;resize: none; margin:0;width:100%;font-size:14px;line-height:18px;height:100px;border:1px solid #B0B0B0;padding:11px 15px;border-radius:2px;" minlength="3" maxlength="500"
placeholder="What does the ad say, who is the advertiser, what does the ad look like?" name="user_feedback"></textarea>
</div>
<button type="button"
style="margin-left:auto;margin-right:auto;margin: 20px auto 0;width:200px;cursor:pointer;background-color:#7c6bf7;display:block;color:#fff;border-radius:2px;border:none;padding:15px 40px;font-weight:700;text-align:center;box-sizing:border-box;font-size:16px;"
id="adl-report-ad-modal__submit-button">Report ad</button>
</form>
Text Content
TECHNOLOGY

EXCLUSIVE GOVERNMENTS TURN TABLES ON RANSOMWARE GANG REVIL BY PUSHING IT OFFLINE

By Joseph Menn and Christopher Bing

[Photo: Acting U.S. Attorney for the Northern District of California Stephanie Hinds speaks about the Colonial Pipeline ransomware attack during a news conference with Deputy U.S. Attorney General Lisa Monaco and FBI Deputy Director Paul Abbate at the Justice Department in Washington, U.S., June 7, 2021. REUTERS/Jonathan Ernst/Pool/File Photo]

Oct 21 (Reuters) - The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.

Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil's direct victims include top meatpacker JBS (JBSS3.SA). The crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available.

Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates.

VMWare (VMW.N) head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies.

"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. "REvil was top of the list."

A leadership figure known as "0_neday," who had helped restart the group's operations after an earlier shutdown, said REvil's servers had been hacked by an unnamed party.

"The server was compromised, and they were looking for me," 0_neday wrote on a cybercrime forum last weekend, in a post first spotted by security firm Recorded Future. "Good luck, everyone; I'm off."

U.S. government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised U.S. software management company Kaseya in July.

That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls.

DECRYPTION KEY

Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom.

But law enforcement officials initially withheld the key for weeks as they quietly pursued REvil's staff, the FBI later acknowledged.

According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers.

After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet.

When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement.

"The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them."

Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.

A spokesperson for the White House National Security Council declined to comment on the operation specifically.

"Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernize our defenses, and building an international coalition to hold countries who harbor ransom actors accountable," the person said.

The FBI declined to comment.

One person familiar with the events said that a foreign partner of the U.S. government carried out the hacking operation that penetrated REvil's computer architecture. A former U.S. official, who spoke on condition of anonymity, said the operation is still active.

The success stems from a determination by U.S. Deputy Attorney General Lisa Monaco that ransomware attacks on critical infrastructure should be treated as a national security issue akin to terrorism, Kellermann said.

In June, Principal Associate Deputy Attorney General John Carlin told Reuters the Justice Department was elevating investigations of ransomware attacks to a similar priority.

Such actions gave the Justice Department and other agencies a legal basis to get help from U.S. intelligence agencies and the Department of Defense, Kellermann said.

"Before, you couldn't hack into these forums, and the military didn't want to have anything to do with it. Since then, the gloves have come off."

Reporting by Joseph Menn and Christopher Bing; Editing by Chris Sanders and Grant McCool