Russian government arrests members of REvil ransomware gang

The Federal Security Service (FSB) of the Russian Federation said it shut down the REvil ransomware gang after US authorities reported the leader.

More than a dozen members of the gang have been arrested following police raids at 25 addresses, Russia’s security agency said in a press release today.

Russian authorities have arrested 14 people suspected of being part of Operation REvil ransomware-as-a-service (RaaS) and confiscated cryptocurrency and fiat currency as follows:

• over 426 million rubles (about $5.5 million)
• 600 thousand US dollars
• 500 thousand euros (about $570,000)

Russian authorities also confiscated 20 luxury cars purchased with money from cyberattacks, computer hardware and cryptocurrency wallets used to develop and maintain the RaaS operation.

Footage from the raids available below shows how officers detained the suspects and confiscated cash and electronics:

The raids took place at addresses in the Moscow, St. Petersburg, Leningrad and Lipetsk regions.

the FSB says that he was able identify all members of the REvil gang, documented their illegal activities and established their participation in the “illegal circulation of means of payment”.

Besides creating the file-encrypting malware and deploying it on corporate networks around the world, REvil members have also been implicated in stealing money from the bank accounts of foreign citizens.

The FSB says it has informed the representatives of the competent American authorities of the results of the operation.