Level 55
Top poster
Content Creator
Apr 24, 2016
The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week.

Over the weekend, BleepingComputer reported that the REvil ransomware operation shut down again after an unknown third party hijacked their dark web domains.

As part of this shutdown, a known REvil operator claimed that the unknown party was "looking" for them by modifying configuration files, so that the threat actor would be tricked into going to a site operated by the unknown entity.

Yesterday, Reuters reported that REvil's takedown resulted from an international law enforcement operation that included support from the FBI.

Today, the Groove ransomware gang published a Russian blog post calling on all other ransomware operations to target US interests.

The blog post also warns ransomware operations not to target Chinese companies, as the gangs would need to use the country as a safe haven if Russia takes a stronger stance on cybercrime operating inside its country.