A look at part of the group’s online infrastructure shows clear lines to Russian and U.K. service providers. The U.S. is pressing Russia for more cooperation in cracking down on ransomware criminals. The group has set up a regular website, decoder[dot]re, for negotiations in case Tor is blocked in a particular country. One of those portals has been left with fewer protections, which, in theory, could help law enforcement agencies. Some infected organizations have been negotiating ransom payments with REvil via those portals.”]
Source: https://www.cuinfosecurity.com/blogs/theres-clear-line-from-revil-ransomware-to-russia-p-3065