REvil ransomware group that targeted Apple supplier gets hacked, taken offline

in General Discussion edited October 2021
REvil, the ransomware group responsible for a string of high-profile hacks including that of Apple supplier Quanta, was this week hacked by a cohort of government actors in an operation that hobbled the entity's online presence.


Citing sources familiar with the matter, Reuters on Thursday reported that the FBI, U.S. Cyber Command, and the Secret Service joined forces with unnamed foreign governments to hack into REvil's infrastructure and take control of certain servers.

While specifics of the operation were not disclosed, it appears that efforts to infiltrate the group accelerated shortly after REvil breached IT management firm Kaseya in July. Following the attack, the FBI gained access to a universal decryption key that allowed affected companies to recover their encrypted files without paying a ransom, the report said. That key was withheld from Kaseya and the impacted firms for a time while the FBI carried out a hacking operation targeting REvil associates.

In the weeks following the Kaseya attack, REvil's websites and backend infrastructure went offline for unknown reasons. When group members restarted those websites from a backup in September, they unknowingly activated servers controlled by law enforcement agencies, sources said.

One of the people responsible for bringing the servers back online confirmed that REvil's systems had been hacked in a post to an online forum last weekend.

The multinational effort to take down REvil and its associates is still active, according to the report.

REvil has been linked to a number of serious cyber crimes including the April hack of Quanta. At the time, the group threatened to release "confidential drawings" of future Apple Watch, MacBook Air and MacBook Pro models if the contract manufacturer failed to pay a $50 million ransom. As proof, the group leaked a handful of schematics purportedly showing next-generation MacBook Air and MacBook Pro models; the MacBook Pro drawings later proved to be accurate.

In addition to Kaseya and Quanta, REvil extorted a ransom payment from meat processing company JBS. The Colonial Pipeline attack of the same period was the work of the separate DarkSide ransomware group, not REvil.



  • Reply 1 of 9
    Well, well, well… How the turntables
  • Reply 2 of 9
    lkrupp Posts: 10,557 member
    Now send in black ops to physically take them down, one by one.
  • Reply 3 of 9
    They got Pwned. 
  • Reply 4 of 9
    chadbag Posts: 1,967 member
    lkrupp said:
    Now send in black ops to physically take them down, one by one.
    That would cause a lot of soiled pants around the world in various hacker dens.  
  • Reply 5 of 9
    hexclock Posts: 1,209 member
    lkrupp said:
    Now send in black ops to physically take them down, one by one.
    Now you’re talkin’
  • Reply 6 of 9
    rob55 Posts: 1,291 member
    These m-f'ers were allegedly behind the ransomware attack on my workplace. Great to see the tables turned on them.
  • Reply 7 of 9
    lkrupp Posts: 10,557 member
    hexclock said:
    lkrupp said:
    Now send in black ops to physically take them down, one by one.
    Now you’re talkin’
    They can dump the bodies where they dumped Osama.
  • Reply 8 of 9
    They need to be outed—names, addresses, pictures. Then follow them and report their locations live in real time (especially if they travel) that feeds into a game app that allows players earn points by exacting revenge on them in small and large ways as they move around. Gum on their seat? Sugar in their fuel tank? Steal their messenger bag and drop it in a trash can? SWAT them. Let the fun begin.

    Only way out for them? A large ransom or become a double agent. 
  • Reply 9 of 9
    StrangeDays Posts: 12,662 member
    Death penalty for hackers? You guys need your heads examined, you sound like Chinese authoritarians. Prison time is fine.