The Russian Federal Security Service (FSB) announced on Friday that it has arrested 14 members of the REvil ransomware group, effectively shutting its operations.
Russia Arrests REvil Members
The FSB conducted raids at 25 addresses across the Moscow, St. Petersburg, Leningrad and Lipetsk regions. Funds were seized as well: in total over 426 million rubles, an unspecified amount of cryptocurrency, 600 thousand US dollars and 500 thousand euros. Computer equipment, cryptocurrency wallets, and 20 cars purchased with the funds were also seized.
The investigation was carried out at the request of U.S. authorities:
The basis for the search activities was the appeal of the competent U.S. authorities, which reported on the leader of the criminal association and his involvement in encroachments on the information resources of foreign high-tech companies through the introduction of malicious software, encryption of information and extortion of funds for its decryption.
In December, the U.S. government had traced ransomware payments to an address in Federation Tower East in Moscow, Russia. Ransomware groups such as REvil were not mentioned in the report.
REvil is believed to be responsible for attacks against JBS Foods, Kaseya, and others. They shut down their operations in July 2021. They went dark in October after their network was hacked through a multi-country effort.
According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil’s computer network infrastructure, obtaining control of at least some of their servers. After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself “Unknown,” vanished from the internet.
The REvil members have been charged with committing crimes under Part 2 of Art. 187 “Illegal turnover of means of payment” of the Criminal Code of Russia.
That’s a good start.