The Biden administration does not know exactly why ransomware gang REvil, thought to be based in Russia, has vanished from the dark web, a senior official said Tuesday.
But the United States will continue to place pressure on criminal groups like REvil, as well as governments, such as Russia, that are responsible for the territory where these groups operate, the administration official added.
The Biden administration official’s comments, given in an interview with POLITICO, were the clearest yet to suggest that the United States did not play a direct role in taking down REvil’s websites and other online infrastructure in recent days.
REvil is suspected of targeting a meat supplier and a major information-technology vendor in recent months. The attacks hit businesses in the United States and beyond by locking them out of their systems while REvil demanded money to restore access.
When pressed on whether the administration has taken any action against such cyber criminals in Russia, the senior official would not say.
On REvil specifically, “We have certainly noticed that they’ve stood down their operations. We don’t know exactly why,” the official said. “But we’re still pressing on Russia to take action against the cyber criminals that are operating on its territory. We’re not declaring victory.”
Asked if the Kremlin took down the group or made the group take down its sites, the official said: “It’s possible, I guess. Again, we don’t know exactly why they’ve stood down.” The official spoke on condition of anonymity per ground rules set by the administration.
The United States has not connected REvil’s attacks directly to the Kremlin. But President Joe Biden has warned Russian leader Vladimir Putin that his government needs to act against such criminal organizations and that the United States will move against them if it must.
Biden aides have said battling the growing ransomware threat is a priority for the United States, and they are using a variety of measures to bring unprecedented attention to the menace.
But given the highly classified nature of America’s cyber capabilities, tackling ransomware also is a tough topic for them to discuss. Over the past week, administration officials have trodden carefully when asked what led to the REvil online takedown.
Over the weekend, another senior administration official said the United States was tracking publicly available information as it monitored the case.
“At least from looking at the open source information, the REvil’s spokesperson’s account may have been banned from Russian hacking channels,” the official said. “And we continue to see that REvil infrastructure remains down. We think that’s a very positive thing.”