REvil, the ransomware gang that attacked meat supplier JBS Foods this spring and a major IT software vendor this month, has mysteriously gone dark. Its websites are gone and there has been no word from their spokespeople. Some cybersecurity experts believe that they are just laying low while the heat is on. Others say that they haven’t gone missing; the authorities have shut them down with extreme prejudice. The actual reasons are unclear.
How might the authorities (whoever they may be) find REvil? After all, REvil’s tech is hidden behind a web of VPNs, they are on the “dark web,” and all the crypto transactions went to anonymous wallets.
Except… none of that is correct. It’s mythology and the stuff of cliché movie scripts. You can easily find the location of any website you can surface in a browser; the “dark web” just means the site isn’t listed in consumer search engines (Google, Bing, etc.); and unless you’re using a privacy coin (Monero, Zcash, DASH, etc.), companies like Chainalysis and CipherTrace can easily tell you who owns the wallet you just transferred your crypto to. Even with privacy coins, unless they have the discipline to make thousands of well-spaced small transactions, the moment they try to turn a sizable amount of crypto into fiat currency, they are likely to be found.
Anonymity is one of the big myths of crypto. It is often part of the “crypto is for drug dealers and sex traffickers” narrative, but it’s not true. Every crypto transaction is on a publicly viewable blockchain. So, unless you are a master at hiding in plain sight…
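As an added illustration of the point above (not code from the original post, and not how any named firm works internally): a toy version of two techniques that chain-analysis relies on, clustering addresses that are spent together in one transaction and following funds forward to a labelled cash-out point. The ledger, the address names and the “exchange-deposit” label are constructed sample data.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real chain data): each entry is
# (txid, input addresses spent, output addresses paid).
TXS = [
    ("tx1", ["A1", "A2"], ["A3", "A4"]),   # A1 and A2 spent in one tx
    ("tx2", ["A3"], ["A5"]),
    ("tx3", ["A4", "A6"], ["EX1"]),        # A4 and A6 spent together
    ("tx4", ["A5"], ["A7"]),
]
# Constructed attribution list, standing in for the labelled address sets
# that analysis firms maintain (exchange deposit addresses, known services).
LABELS = {"EX1": "exchange-deposit"}

def cluster_by_common_input(txs):
    """Common-input-ownership heuristic: addresses spent as inputs of the same
    transaction are assumed to be controlled by the same key holder.
    Returns a mapping from each input address to its cluster representative."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a
    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[max(ra, rb)] = min(ra, rb)   # deterministic representative
    for _, inputs, _ in txs:
        for addr in inputs:
            find(addr)                       # register single-input spenders too
        for addr in inputs[1:]:
            union(inputs[0], addr)
    return {a: find(a) for a in list(parent)}

def trace_to_labelled(start, txs, labels):
    """Follow funds forward from `start` through transaction outputs (BFS) and
    return (address, label, tx path) for the first labelled address reached,
    or None if the funds never touch a labelled address in this ledger."""
    spends = defaultdict(list)
    for txid, inputs, outputs in txs:
        for addr in inputs:
            spends[addr].append((txid, outputs))
    queue, seen = deque([(start, [])]), {start}
    while queue:
        addr, path = queue.popleft()
        if addr in labels:
            return addr, labels[addr], path
        for txid, outputs in spends[addr]:
            for out in outputs:
                if out not in seen:
                    seen.add(out)
                    queue.append((out, path + [txid]))
    return None
```

Note that A4 (an output of tx1) is only linked to A6, not to A1, because the common-input heuristic alone does not identify change outputs; real analysis layers further heuristics on top.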
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.