2021-10-21

The servers of the REvil ransomware group have been compromised using a hacking technique the group itself used to compromise its targets.

According to an exclusive story from Reuters, REvil, the ransomware gang that hacked into the US Colonial Pipeline this past May, was attacked and shut down by a global cyber operation.

According to reports, the group was hacked using the same method that brought down the Pipeline.

Officials from the Federal Bureau of Investigation (FBI) and the United States Cyber Command collaborated with a number of countries to bring down REvil and other cybercrime organizations.

“The server was compromised, and they were looking for me,” one of REvil’s commanders, identified only as 0_neday, stated in a recent online forum post.

0_neday continued, “Good luck, everyone; I’m off.”

The government shut down REvil’s servers by exploiting a flaw in the ransomware’s backup system, which allowed law enforcement agencies to gain access to REvil’s servers and shut them down.

“REvil…restored the infrastructure from backups under the idea that they had not been compromised,” according to Oleg Skulkin, a representative of Russian security firm Group-IB. “Ironically, the gang’s favoured strategy of compromising backups backfired on them.”

REvil is “one of the worst of dozens of ransomware gangs that collude with hackers to penetrate and disable organizations all around the world,” according to Reuters. REvil and another ransomware organization, DarkSide, hacked the Colonial Pipeline, causing significant petroleum shortages and prompting President Joe Biden to declare a state of emergency. The pipeline was only reconnected after Colonial Pipeline Company sent REvil $4.4 million.

REvil made waves again in July when it hacked into software management business Kaseya, giving the gang access to the personal information of hundreds of the company’s clients.

According to Reuters, the White House National Security Council is “undertaking a whole of government ransomware campaign, including disruption of ransomware infrastructure and actors,” but declined to comment on the REvil operation explicitly.