Russia Says It Has Neutralized Ruthless REvil Ransomware Gang

Skull and crossbones in binary code

Russian law enforcement authorities said Friday they have arrested 14 people associated with REvil, a major ransomware group that disrupted critical operations of wealthy targets and held their data hostage.

The action, carried out by Russia’s FSB, the KGB’s successor agency, is a rare example of the country’s government cracking down on cybercrime by its citizens. The United States and Russia do not have an extradition treaty in place, and critics have said the Kremlin routinely harbors cybercriminals as long as they do not target organizations located in the former Soviet Union. The arrests come as tensions rise between Russia and the United States over a standoff involving Ukraine.

Big game hunter neutralized

“Russia’s FSB established the full composition of the ‘REvil’ criminal community and the involvement of its members in the illegal circulation of means of payment and documented illegal activities,” Russian officials wrote. “In order to implement the criminal plan, these people developed malicious software and organized the theft of funds from the bank accounts of foreign citizens and their collection, including through the purchase of expensive goods on the Internet.”

Friday’s statement added: “As a result of the joint actions of the FSB and the Russian Interior Ministry, the organized criminal community ceased to exist. The information infrastructure used for criminal purposes was neutralized.”

REvil first appeared in April 2019 and quickly developed a reputation for its technical prowess and tough tactics, which included highly customizable ransomware and public shaming of its victims. The gang has practiced what is known in ransomware circles as big game hunting, meaning they targeted organizations with pockets deep enough to pay fees in the tens of millions of dollars. In April of this year, researchers ranked REvil as the Third group of ransomware, responsible for approx. 4 percent attacks on the public and private sectors.

REvil’s victims included the huge international meat and poultry producer JBS SA, which suffered an attack in June that shut down some operations. Other REvil victims include a law firm that represented Lady Gaga and other celebrities. The Kaseya software firm was also breached, leading to the infection of some 1,500 organizations seeking services from Kaseya or one of its clients. In October, REvil shut down its embarrassing Happy Blog site after members said its infrastructure had been hacked.

A joint operation between the FSB and the local police searched 25 homes and arrested 14 people; it also seized 426 million rubles, $600,000, €500,000, computer equipment and 20 luxury cars, according to Friday’s statement. Russian officials said they directly informed their US counterparts of the action. Authorities carried out the operation following a request from the US, the FSB said.

Last year, President Biden repeatedly pressured his Russian counterpart, Vladimir Putin, to arrest cybercrime syndicates in Russia and warned that attacks on oil pipelines and similar critical infrastructure would not be tolerated.

Leave a Reply

Your email address will not be published. Required fields are marked *