Date: 2021-10-24

In 2021, the hacker group REvil was known for massive cyber attacks in large parts of the world, including the theft of MacBook Pro design schematics, the breach of Colonial Pipeline, the company responsible for supplying fuel on the east coast of the United States, and even the disruption of operations of the Brazilian food group JBS in Australia. This week, the FBI created a major twist by hacking the group’s servers.

According to a report by Reuters, the FBI has been working on the counterattack since July, when REvil managed to infect software from the IT company Kaseya. The infected software was distributed as an update to the company’s customers, consequently compromising their systems. At the time, the FBI managed to obtain a key capable of decrypting all affected systems, but did not send it to victims promptly. The agency retained the key for a few weeks and used that period to track down REvil in secrecy. This opened the door for the attack, resulting in the disappearance of the dark web group and its representatives. In September, the member known as 0_neday, with support from other members, restored a backup that made the REvil sites work again, but that’s where their downfall lies.

The backup used by 0_neday was also compromised, and when it was restored, investigators were able to monitor the group again. When he noticed the error, 0_neday posted a message on a hacker forum saying “the server was compromised and they were looking for me”. The notice ended with the phrase “good luck everyone, I’m out”. According to Reuters sources, the investigations are still ongoing, but in any case, the FBI’s actions have already taken effect and the group of hackers is once again inoperative.