Russia arrests members of notorious REvil ransomware gang


In a surprising twist, the Russian government announced the arrest of several members of REvil, the prominent ransomware gang behind many large-scale attacks on US targets.

The Federal Security Service (FSB), Russia’s domestic intelligence agency, said in a press release on Friday that it had recently raided 25 residences in Moscow, Leningrad, Lipetsk and St. Petersburg, where 14 members of the cybercriminal gang were apprehended. During the raids, authorities seized more than 426 million rubles, $600,000 and 500,000 euros, along with 20 luxury vehicles and hoards of computer equipment.

Although the identities of the hackers have not been made public at this time, video provided by the FSB shows officers chasing and handcuffing various people while searching apartments. The Russian government further noted that it apprehended the criminals at the request of the United States. The FSB press release reads (translated from Russian via Google):

“The search activities were based on the appeal of the relevant US authorities, who reported the leader of the criminal community and his involvement in encroaching on the information resources of foreign high-tech companies by introducing malicious software, by encrypting information and extorting money for its decryption…”

REvil has been high on America’s shit list ever since it orchestrated the massive Kaseya ransomware attack last summer. The attack used malicious updates in the tech company’s popular computer products to infect more than 1,500 different companies around the world, including many in the United States. It prompted emergency action by the White House, a $10 million reward for information leading to the arrest of the gang, and calls for a better federal cybercrime strategy.

But the gang is also said to have been involved in attacks on hardware manufacturer Acer, celebrity law firm Grubman Shire Meiselas & Sacks (the gang reportedly leaked 2.4 gigabytes of Lady Gaga legal documents), and Quantum, a major computer parts supplier that works for Apple, among other big names. It also led a disruptive ransomware attack on meat processing giant JBS Foods last May, temporarily forcing the company to close a number of its food production sites. All in all, they caused a lot of damage.

US authorities have for some time been calling on Russia to crack down on cybercriminal gangs operating within the country’s borders. A series of meetings between Russian President Vladimir Putin and US President Joe Biden last year showed that the two leaders agreed that more needed to be done to stop ransomware attacks, although Russia hasn’t really done anything so far.

Still, it’s a potentially promising development. If Russia is willing to stop this gang, it could signal a more docile attitude when it comes to pursuing the many other cybercriminal syndicates operating out of its territories.

Some commentators, however, noted the odd timing of the FSB operation. The United States and Russia are currently experiencing serious tensions over the political situation in Ukraine, where some American commentators have alleged that Russia is preparing for a military invasion. As such, the possibility that Russia shut down REvil as some kind of negotiating tactic with the United States seems plausible to some. “I think it’s perfectly reasonable to worry about Russian ulterior motives,” John Hultquist, vice president of threat intelligence at Mandiant, recently told WIRED.

Ukraine has also recently suffered a cyberattack that defaced government websites, although there has been no official attribution as to who is responsible.
