REvil, the Russia-based group of cybercriminals that extorted millions from hacking victims, is used to operating from the shadows. Now, they may not be operating at all.

On Tuesday morning, the group that recently hacked the world’s largest beef supplier vanished from the internet. Gone were its public facing blog, the messaging service it used to negotiate with victims, and the payment infrastructure for the ransoms it demanded.

The disappearance begs an obvious question: what happened? And, did Russian strongman Vladimir Putin yield to pressure from President Joe Biden?

Only 3 entities have capacity to bring ransomware's #REvil down: US Cyber Command; Putin, responding to Biden's threats; or REvil felt the heat and went cold. So many here have been impatiently remarking it is all more of the same with US response. Behold. https://t.co/RzECbAbvri

— Juliette Kayyem (@juliettekayyem) July 13, 2021

Last week, Biden and Putin spoke on the phone, and the American president said that cyberattacks on U.S. businesses and agencies would be treated as national security threats.

“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said.

A reporter asked if the U.S. was prepared to attack the servers Russian cybercriminals have used to infiltrate American entities. Biden said yes.

According to a BBC report, which cites a credible hacker, Biden made good on his promise:

[The hacker] claims that the US “Feds took down” elements of their websites and so they pulled the plug on the rest of their operation. He also said there was pressure from the Kremlin too saying: “Russia is tired of the US and other countries crying to them.”

The United States Cyber Command is capable of knocking hackers out of commission. Last year, it “paralyz[ed] a ransomware group it feared might turn its skills to freezing up voter registrations or other election data in the 2020 election,” according to The New York Times.

Kremlin fails to deny takedown of sites used by Russian-based hacking group is connected to Biden's pressure on Putin https://t.co/bTkgNgcP4T

— Daily Mail Online (@MailOnline) July 14, 2021

On REvil’s surprise disappearance, The Times reports:

Allan Liska, a senior intelligence analyst at Recorded Future, said that if REvil has disappeared, he doubted it was voluntary. “If anything, these guys are braggadocios,” Mr. Liska said. “And we didn’t see any notes, any bragging. It sure feels like they abandoned everything under pressure.”

CNN provides additional context on REvil:

REvil is among the most prolific ransomware attackers, according to the cybersecurity firm CheckPoint. In the last two months alone, REvil conducted 15 attacks per week, CheckPoint spokesman Ekram Ahmed said.

Given the attention it has generated, REvil may have voluntarily chosen to lay low for a while, Ahmed added. “We recommend not jumping to any immediate conclusions as it’s early, but REvil is, indeed, one of the most ruthless and creative ransomware gangs we’ve ever seen.”