Russia arrests REvil ransomware gang members at request of US officials

Russia’s Federal Security Service said that 14 people have been arrested and hundreds of thousands in foreign currency has been seized.


Cash that has been seized from detained hackers. At the request of the US, the FSB has detained a group of hackers who sent ransomware viruses. The FSB said that over 426 million rubles, including in cryptocurrency, $600,000 and 500,000 euros, as well as computers, were seized in 25 flats of 14 members of the REvil hacking group.

Image: FSB/TASS/Getty Images

More than a dozen members of the REvil ransomware group have been arrested courtesy of the Russian authorities. On Friday, the Federal Security Service of the Russian Federation announced a joint effort between it and the Ministry of Internal Affairs of Russia that led to the arrest of 14 people associated with the infamous cybercrime group.


Some 25 residential addresses were searched, with not only the 14 people arrested but several assets seized, including more than 426 million rubles, €500,000, $600,000 in U.S. dollars, crypto wallets, computer equipment and 20 luxury cars bought with money obtained from the group’s crimes.

The arrested individuals have been charged with committing crimes under Part 2 of Article 187 “Illegal circulation of means of payment” of the Criminal Code of Russia.

The operation was conducted at the request of U.S. authorities, according to the FSB, which added that the U.S. was informed of the outcome. “The investigative measures were based on a request from the … United States,” the FSB said, according to Reuters. “The organized criminal association has ceased to exist, and the information infrastructure used for criminal purposes was neutralized.”

As ransomware attacks have grown more widespread and more damaging over the past couple of years, REvil became infamous as one of the main culprits. The group brought undue attention to itself last year following its attack against enterprise IT firm Kaseya, an incident that affected more than 1,000 organizations across the firm’s supply chain. Another attack against meat processing company JBS Foods further brought REvil into the spotlight.

The group was reportedly taken down last October by a multi-nation operation in which law enforcement officers and cyber specialists hacked into REvil’s computer network infrastructure, taking control of some of its infrastructure. Since then, group members have been flying under the radar but clearly were still at large.

The Biden administration has been pressuring Russia to take ransomware and its perpetrators seriously, especially amid allegations that groups like REvil have operated with at least the tacit permission of the former Soviet Union. Friday’s operation also came in the midst of tension between the U.S. and the Kremlin over fears that Russia has been planning a new invasion of Ukraine.

Referring to the FSB’s comment that the operation was carried out at the request of the U.S. authorities, Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, said that this may represent a backhanded message indicating that Russia can be used to stop ransomware activity, but only under certain circumstances.


“It is possible that the arrests against REvil members were politically motivated, with Russia wanting to use the event as leverage,” Morgan said. “It could be debated that this may relate to sanctions against Russia recently proposed in the U.S., or the developing situation on Ukraine’s border. The fact that the FSB targeted REvil, who haven’t been publicly active in conducting attacks since October 2021, is also significant. Chatter on Russian cybercriminal forums recognized this sentiment, suggesting that REvil were ‘pawns in a giant political game,’ while another user suggested that Russia made the arrests ‘on purpose’ so that the US would ‘settle down.’”

The FSB might have also raided REvil knowing that the group was a high-priority target for the U.S. but that the arrests would have little impact on the current ransomware landscape, Morgan added. The operation may have even been staged as a warning to other ransomware gangs to be mindful of whom they target lest they invite undue attention to themselves.

The question now is whether these arrests mean that REvil is truly down for the count.

“Regarding REvil, the crime group has seen a few iterations and probably their fair share of internal attrition since inception,” said Neal Dennis, threat intel specialist at Cyware. “They’ve weathered digital attacks and take-downs but always seemed to bounce back. Why? Because digital actions are nothing without arrests of key members of the gang. That being said, REvil is not the first Russian cyber crew to be wiped out by Russian authorities and will not be the last. In the past, when a group gets as large and prolific as this on the international stage, Russia eventually steps in.”
