Four days ago, the REvil ransomware gang’s leak site, known as the “Happy Blog,” went offline. Cybersecurity experts wondered aloud what might have caused the infamous group to go dark once more.
One theory was that it was an inside job pulled by the group’s disaffected former leader. Another was that law enforcement had successfully hacked and dismantled the group. “Normally, I am pretty dismissive of ‘law enforcement’ conspiracy theories, but given that law enforcement was able to pull the keys from the Kaseya attack, it is a real possibility,” Allan Liska, a ransomware expert, told ZDNet at the time.
“Rebranding happens a lot in ransomware after a shutdown,” he said. “But no one brings old infrastructure that was literally being targeted by every law enforcement operation not named Russia in the world back online. That is just dumb.”