Governments turn tables on ransomware gang REvil by pushing it offline

US officials talk about the Colonial Pipeline ransomware attack during a news conference in Washington, D.C. on June 7, 2021. (REUTERS/File Photo)
Updated 22 October 2021

  • Law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers
  • One person familiar with the events said that a foreign partner of the US government carried out the hacking operation that penetrated REvil's computer architecture

The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.
Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast. REvil's direct victims include top meatpacker JBS. The crime group's “Happy Blog” website, which had been used to leak victim data and extort companies, is no longer available.
Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates.
VMware head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies.
“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” said Kellermann, an adviser to the US Secret Service on cybercrime investigations. “REvil was top of the list.”
A leadership figure known as "0_neday," who had helped restart the group's operations after an earlier shutdown, said REvil's servers had been hacked by an unnamed party.
"The server was compromised, and they were looking for me," 0_neday wrote on a cybercrime forum last weekend, in a post first spotted by security firm Recorded Future. "Good luck, everyone; I'm off."
US government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised US software management company Kaseya in July. 
That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls.

Decryption key
Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom.
But law enforcement officials initially withheld the key for weeks as they quietly pursued REvil's staff, the FBI later acknowledged.
According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers.
After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet.
When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement.
“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. “Ironically, the gang's own favorite tactic of compromising the backups was turned against them.”
Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.
A spokesperson for the White House National Security Council declined to comment on the operation specifically.
"Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernize our defenses, and building an international coalition to hold countries who harbor ransom actors accountable," the person said.
The FBI declined to comment.
One person familiar with the events said that a foreign partner of the US government carried out the hacking operation that penetrated REvil's computer architecture. A former US official, who spoke on condition of anonymity, said the operation is still active.
The success stems from a determination by US Deputy Attorney General Lisa Monaco that ransomware attacks on critical infrastructure should be treated as a national security issue akin to terrorism, Kellermann said.
In June, Principal Associate Deputy Attorney General John Carlin told Reuters the Justice Department was elevating investigations of ransomware attacks to a similar priority.
Such actions gave the Justice Department and other agencies a legal basis to get help from US intelligence agencies and the Department of Defense, Kellermann said.
"Before, you couldn't hack into these forums, and the military didn't want to have anything to do with it. Since then, the gloves have come off." 


DR Congo offers bounty for arrest of M23 leaders

Updated 08 March 2025

  • The M23, which, according to UN experts, is backed by some 4,000 Rwandan soldiers, resumed its fight against the government in Kinshasa in 2021 and has since seized swaths of territory in North Kivu, which borders Rwanda

KINSHASA: Authorities in the Democratic Republic of Congo are offering a $5-million reward for help in arresting leaders of the M23 group that recently captured two major northern towns, the Justice Ministry announced.
“A reward of $5 million is offered to any person who helps arrest the convicts Corneille Nangaa, Bertrand Bisimwa and Sultani Makenga,” the ministry said in a statement.
Nangaa, a leader in the River Congo Alliance, or AFC, a military-political coalition to which the M23 belongs, is a former president of the DRC’s electoral commission.
Bisimwa and Makenga are, respectively, the president and military chief of the M23.
Tried in absentia in Kinshasa, all three men were convicted and sentenced to death in August 2024.
DRC authorities are also offering a bounty of $4 million for any information leading to the arrest of the three men’s “accomplices on the run” and “other sought individuals,” the statement said.
The M23, which, according to UN experts, is backed by some 4,000 Rwandan soldiers, resumed its fight against the government in Kinshasa in 2021 and has since seized swaths of territory in North Kivu, which borders Rwanda.
A lightning offensive in recent weeks has captured the provincial capital, Goma, and Bukavu, the main cities in the neighboring province of South Kivu.
The DRC’s mineral-rich east has been ravaged for three decades by conflict and atrocities.
According to the Financial Times, the US is in exploratory talks with the DRC over a deal that would give Washington access to critical minerals in the country.
Congo approached the US last month, proposing a deal that would offer exploration rights to the US in exchange for support for the government of President Felix Tshisekedi, the newspaper reported, citing public documents.
Security sources said on Friday at least 35 people were killed when pro-government militia attacked a village in the restive eastern Democratic Republic of Congo.
The attack happened at about 3 a.m. on Thursday in the village of Tambi, in the Masisi area of North Kivu province controlled by the Rwanda-backed M23 armed group.
A security source said that at least 35 people were killed in the attack, while local sources and an eyewitness put the death toll at more than 40.
A community leader and a medical source said villagers had recently returned to the area after having fled fighting between the M23 and the Congolese army and local militia.
“The militia went to attack Tambi where residents had started to return ... they opened fire and civilians were killed,” said one community leader, who said 43 people died.
“They put some victims in a church and then shot them. Those who were in the fields were killed there.”
The community leader, a local health worker, and a local resident said another group of civilians sought refuge in a house and died when the militia set it on fire.
“We counted 47 bodies in the morning,” the resident said, adding that they were buried in a communal grave.
Some of the victims were unable to be identified because of their burns, he added.

 


Protesters on International Women’s Day demand equal rights, end to discrimination, sexual violence

Updated 08 March 2025

  • On the Asian side of Turkiye’s biggest city Istanbul, a rally in Kadikoy saw members of dozens of women’s groups listen to speeches, dance and sing
  • In many other European countries, women also protested against violence, for better access to gender-specific health care, equal pay and other issues

ISTANBUL: Women took to the streets of cities across Europe, Africa and elsewhere to mark International Women’s Day with demands for ending inequality and gender-based violence.
On the Asian side of Turkiye’s biggest city Istanbul, a rally in Kadikoy saw members of dozens of women’s groups listen to speeches, dance and sing in the spring sunshine.
The colorful protest was overseen by a large police presence, including officers in riot gear and a water cannon truck.
The government of President Recep Tayyip Erdogan declared 2025 the Year of the Family. Protesters pushed back against the idea of women’s role being confined to marriage and motherhood, carrying banners reading “Family will not bind us to life” and “We will not be sacrificed to the family.”
Critics have accused the government of overseeing restrictions on women’s rights and not doing enough to tackle violence against women.
Erdogan in 2021 withdrew Turkiye from a European treaty, dubbed the Istanbul Convention, that protects women from domestic violence. Turkiye’s We Will Stop Femicides Platform says 394 women were killed by men in 2024.
“There is bullying at work, pressure from husbands and fathers at home and pressure from patriarchal society. We demand that this pressure be reduced even further,” Yaz Gulgun, 52, said.
Women across Europe and Africa march against discrimination
In many other European countries, women also protested against violence, for better access to gender-specific health care, equal pay and other issues in which they don’t get the same treatment as men.
In Poland, activists opened a center across from the parliament building in Warsaw where women can go to have abortions with pills, either alone or with other women.
Opening the center on International Women’s Day across from the legislature was a symbolic challenge to authorities in the traditionally Roman Catholic nation, which has one of Europe’s most restrictive abortion laws.
From Athens to Madrid, Paris, Munich, Zurich and Belgrade and in many more cities across the continent, women marched to demand an end to treatment as second-class citizens in society, politics, family and at work.
In Madrid, protesters held up big hand-drawn pictures depicting Gisele Pélicot, the woman who was drugged by her now ex-husband in France over the course of a decade so that she could be raped by dozens of men while unconscious.
Pélicot has become a symbol for women all over Europe in the fight against sexual violence.
In the Nigerian capital of Lagos, thousands of women gathered at the Mobolaji Johnson Stadium, dancing and singing and celebrating their womanhood.
Many were dressed in purple — the traditional color of the women’s liberation movement.
In Russia, the women’s day celebrations had a more official tone, with honor guard soldiers presenting yellow tulips to girls and women during a celebration in St. Petersburg.
Germany’s president warns of backlash against progress already made
In Berlin, German President Frank-Walter Steinmeier called for stronger efforts to achieve equality and warned against tendencies to roll back progress already made.
“Globally, we are seeing populist parties trying to create the impression that equality is something like a fixed idea of progressive forces,” he said. He gave an example of “large tech companies that have long prided themselves on their modernity and are now, at the behest of a new American administration, setting up diversity programs and raving about a new ‘masculine energy’ in companies and society.”


UK govt cuts funding for Islamophobia reporting service 

Updated 08 March 2025

  • Tell Mama, founded in 2012, provides ‘invaluable’ data, police sources tell The Guardian
  • The organization, which received 10,700 reports of Islamophobia last year, faces closure

LONDON: The UK government is ending funding for Islamophobia reporting service Tell Mama, The Guardian reported on Saturday.

The project, founded in 2012, is now facing closure weeks after it reported a record number of anti-Muslim hate incidents across the country.

Since its launch, Tell Mama has been wholly funded by the Ministry of Housing, Communities and Local Government.

The ministry told Tell Mama that no grant would be provided by the end of March, without providing alternative arrangements.

Data provided by the service to police under a 2015 sharing agreement has been “invaluable” for monitoring community cohesion and responding to threats, police sources told The Guardian.

Tell Mama received 10,700 reports of Islamophobia last year, with 9,600 being verified. Muslims were the most targeted group in hate attacks in the year ending March 2024, according to police figures. They made up 38 percent of victims nationwide.

Tell Mama’s founder Fiyaz Mughal said its resources were being cut while “the far right and populists across Europe are growing significantly. There are going to be more individuals targeted, we know that in the current environment, and where are they going to go?

“This is an injustice at a time where I have never seen anti-Muslim rhetoric become so mainstream.”

Tell Mama provides a crucial point of contact for vulnerable people who often feel unable to contact the police, Mughal said.

“I’m not aware of any other organisation that can do this work and even if a new agency tried, it would take them 10 to 15 years to reach where Tell Mama is,” he added.

On Feb. 28, the government announced a new working group on anti-Muslim hatred that will create a new definition of Islamophobia and “support a wider stream of work to tackle the unacceptable incidents of anti-Muslim hatred.”

But Mughal accused the government of “saying one thing and doing another,” adding: “Labour talks a lot about countering Islamophobia but they are cutting the only project doing anything on a national scale — supporting victims, working with numerous police forces and supporting prosecutions.”

The National Police Chiefs’ Council said Tell Mama’s contributions “have allowed for the effective analysis of community tensions and informed actions to reduce such tensions.”

A spokesperson for the ministry responsible for the cut said: “Religious and racial hatred has absolutely no place in our society, and we will not tolerate Islamophobia in any form.

“This year we have made up to £1 million ($1.29 million) of funding available to Tell Mama to provide support for victims of Islamophobia, and we will set out our approach to future funding in due course.”


Polish PM says appeasement led to ‘more bombs’ from Russia in Ukraine

Updated 08 March 2025

  • “More bombs, more aggression, more victims,” Tusk wrote on X

WARSAW: Polish Prime Minister Donald Tusk on Saturday slammed deadly Russian overnight strikes on Ukraine as the result of “what happens when someone appeases barbarians.”


“More bombs, more aggression, more victims. Another tragic night in Ukraine,” Tusk wrote on X, formerly Twitter, following Russian attacks that killed at least 14 people in Ukraine’s east and northeast.


UK says Australia ‘considering’ joining group to protect Ukraine peace

Updated 08 March 2025

  • European countries have been rushing to boost support for Ukraine
  • Several European states have said they would be willing to deploy troops to Ukraine as a “security guarantee”

LONDON: The UK on Saturday said that Australia’s Prime Minister Anthony Albanese was considering joining a group of countries prepared to protect an eventual ceasefire in the Russia-Ukraine war.
Britain and France have been leading efforts to form the so-called “coalition of the willing,” with the United States’ long-term commitment to Europe’s security now in doubt under President Donald Trump.
British Prime Minister Keir Starmer “spoke to the Prime Minister of Australia Anthony Albanese this morning,” the UK leader’s office said on Saturday.
“He welcomed Prime Minister Albanese’s commitment to consider contributing to a Coalition of the Willing for Ukraine and looked forward to the Chiefs of Defense meeting in Paris on Tuesday.”
European countries have been rushing to boost support for Ukraine as Trump pursues direct talks with Russian leader Vladimir Putin to end Moscow’s three-year-long invasion of Ukraine.
Several European states have said they would be willing to deploy troops to Ukraine as a “security guarantee.”
Key details about the “coalition of the willing” have not been specified, but the grouping was mentioned by Starmer during a summit of European leaders in London last Sunday aimed at guaranteeing “lasting peace” in Ukraine.
British officials have held talks with around 20 countries interested in being part of the group, a UK official said on Thursday.
The official refused to name the nations but said they were “largely European and Commonwealth partners.”
Earlier this week, Albanese told journalists that Australia was “ready to assist” Ukraine.
“There’s discussion at the moment about potential peacekeeping,” he said. “From my government’s perspective, we’re open to consideration of any proposals going forward.”