On 21 October 2021, sources close to the investigation revealed that the FBI, in collaboration with Cyber Command, the U.S. Secret Service and two friendly countries, managed to take down REvil, one of the world’s largest ransomware gangs, led by Russian hackers.
REvil is notably responsible for the 2021 attacks against Colonial Pipeline, JBS, and Kaseya. It was during the latter attack, in July 2021, that law enforcement succeeded in compromising part of the group's servers and taking them down for the first time.
In September 2021, several REvil members managed to restart their servers from backups, some of which were still under law enforcement control. Ironically, compromising backups is one of the favourite tactics of ransomware gangs like REvil.
This operation is emblematic of the new U.S. doctrine, which gives the fight against ransomware gangs targeting critical infrastructure the same priority as the fight against terrorism.