A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked

“The foreign government hacked the servers of REvil this summer, but the Russian-speaking criminal group did not discover it was compromised until Cybercom last month blocked its website by hijacking its traffic, said the officials who spoke on the condition of anonymity because of the matter’s sensitivity.

Cybercom’s action was not a hack or takedown, but it deprived the criminals of the platform they used to extort their victims — businesses, schools and others whose computers they’d locked up with data-encrypting malware and from whom they demanded expensive ransoms to unlock the machines, the officials said.

In the hours after the Cybercom operation, which has not been previously reported, one of REvil’s leaders saw the site’s traffic had been redirected.

“Domains hijacked from REvil,” wrote 0_neday, an REvil leader, on a Russian-language forum popular with cyber criminals, on Oct. 17.”

Source: A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked