REvil ransomware group that targeted Apple supplier gets hacked, taken offline

Citing sources familiar with the matter, Reuters on Thursday reported that the FBI, U.S. Cyber Command, and the Secret Service joined forces with unnamed foreign governments to hack into REvil's infrastructure and take control of certain servers.

While specifics of the operation were not disclosed, it appears that efforts to infiltrate the group accelerated shortly after REvil breached IT management firm Kaseya in July. Following the attack, the FBI gained access to a universal decryption key that allowed affected companies to recover deleted files without paying a ransom, the report said. That key was withheld from Kaseya and the impacted firms as the FBI carried out a hacking operation targeting REvil associates.

In the weeks following the Kaseya attack, REvil's websites and backend infrastructure went offline for unknown reasons. When group members restarted those websites from a backup in September, they unknowingly activated servers controlled by law enforcement agencies, sources said.

One of the people responsible for bringing the servers back online confirmed that REvil's systems had been hacked in a post to an online forum last weekend.

The multinational effort to take down REvil and its associates is still active, according to the report.

REvil has been linked to a number of serious cyber crimes including the April hack of Quanta. At the time, the group threatened to release "confidential drawings" of future Apple Watch, MacBook Air and MacBook Pro models if the contract manufacturer failed to pay a $50 million ransom. As proof, the group leaked a handful of schematics claiming to show purported next-generation MacBook Air and MacBook Pro models, the latter of which proved to be accurate.

In addition to Kaseya and Quanta, REvil targeted and extracted funds from Colonial Pipeline and meat processing company JBS.