Russian law enforcement authorities announced Friday that they have arrested 14 people associated with REvil, a high-profile ransomware group that has disrupted critical operations of wealthy targets and held their data hostage.
The action, led by Russia’s FSB, the successor agency to the KGB, is a rare example of the country’s government cracking down on cybercrime by its citizens. The United States and Russia do not have an extradition treaty in place, and critics have said the Kremlin regularly harbors cybercriminals as long as they don’t target organizations located in the former Soviet Union. The arrests come as tensions between Russia and the United States escalate over a standoff involving Ukraine.
Big game hunter neutralized
“Russia’s FSB has established the full composition of the ‘REvil’ criminal community and the involvement of its members in the illegal circulation of means of payment and documented illegal activities,” Russian officials wrote. “In order to implement the criminal plan, these people developed malware and organized the theft of funds from the bank accounts of foreign citizens and their collection, including buying expensive goods on the Internet.”
Friday’s statement added: “As a result of joint actions by the FSB and the Russian Interior Ministry, the organized criminal community has ceased to exist. The IT infrastructure used for criminal purposes has been neutralized.”
REvil first appeared in 2019 and quickly developed a reputation for its technical prowess and uncompromising tactics, which included highly customizable ransomware and the public shaming of its victims. The gang practiced what is known in ransomware circles as big game hunting, meaning it targeted organizations with pockets deep enough to pay tens of millions of dollars. In April last year, researchers ranked REvil third among ransomware groups, responsible for approximately 4 percent of attacks on the public and private sectors.
REvil’s victims included the huge international meat and poultry producer JBS SA, which in June was hit by an attack that shut down some operations. Other REvil victims include a law firm that represented Lady Gaga and other celebrities. The software company Kaseya was also hacked, resulting in the infection of approximately 1,500 organizations that used the services of Kaseya or one of its customers. In October, REvil shut down its Happy Blog shame site after members said their infrastructure had been hacked.
A joint operation between the FSB and the local police raided 25 addresses and arrested 14 people; authorities also seized 426 million rubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars, according to Friday’s statement. Russian officials said they directly informed their American counterparts of the action. Authorities carried out the operation following a request from the United States, the FSB said.
Last year, President Biden repeatedly pressed his Russian counterpart Vladimir Putin to arrest cybercrime syndicates in Russia and warned that attacks on pipelines and similar critical infrastructure would not be tolerated.