The Biden administration is not sure why REvil, a ransomware group thought to be based in Russia, has disappeared from the dark web, a senior official said Tuesday.
The official added, however, that the U.S. will continue to put pressure on criminal groups such as REvil and on governments, such as Russia's, that are responsible for areas where those groups operate.
Comments made by Biden administration officials in an interview with POLITICO are the clearest indication that the U.S. has played no direct role in taking down REvil's website and other online infrastructure in recent days.
REvil is suspected of launching cyberattacks and conducting extortion against a meat supplier and a major information technology provider in recent months. The attacks hit companies in the U.S. and other countries, locking them out of their systems while REvil demanded money to stop the attacks.
Asked whether the government has taken any action against such cybercriminals in Russia, the senior official would not say.
Specifically with regard to REvil, "We certainly note that they have stopped their actions, we don't know exactly why," the official said. "But we are still urging Russia to take action against the cybercriminals operating within its borders. We are not declaring victory."
Asked if the Kremlin had banned the organization or caused it to take down its website, the official said: "It's possible, I guess. Again, we don't know exactly why they banned it." The official spoke on condition of anonymity under ground rules set by the government.
The U.S. did not directly link REvil's attack to the Kremlin. But President Joe Biden warned Russian leader Vladimir Putin that his government needs to take action against such criminal organizations and that the U.S. will take action against them if it must.
Biden's aides said dealing with the growing ransomware threat is a top priority for the United States, and they are using a variety of measures to draw unprecedented attention to the threat.
But addressing ransomware is also a tough topic for them to discuss, given the highly classified nature of U.S. cyber capabilities. Over the past week, government officials have been cautious when asked what led to REvil going offline.
Over the weekend, another senior government official said the U.S. is tracking publicly available information as it monitors the case.
"It appears, at least from publicly available information, that REvil's spokesman's account may have been banned by Russian hacking channels," the official said. "And we continue to see that REvil's infrastructure remains shut down. We see that as a very positive thing."