The Russian Federal Security Service (FSB) arrested many REvil ransomware gang members.
The police checked 25 residences in Moscow, St. Petersburg, Leningrad, and Lipetsk Oblasts during the operation. The searched properties belonged to 14 alleged cybercriminals. The FSB said:
“They created malware, arranged the theft of funds from foreign citizens’ bank accounts, and monetized them through online purchases of high-end goods.”
The FSB also seized over 426 million rubles. This includes $600,000 in bitcoin, €500,000 in cryptocurrency wallets used to commit crimes, and 20 luxury cars purchased with unlawful funds.
Who is REvil?
Last year, REvil was one of the most active ransomware teams, and it was the group that attacked JBS and Kaseya. US officials told Reuters that one of those arrested was also behind the Colonial Pipeline ransomware attack. This confirms REvil’s ties to another group called DarkSide.
The gang formally disbanded in October 2021 after the US shut down its dark web servers. The following month, Romanian authorities arrested two REvil suspects. The US accused a 22-year-old Ukrainian man linked to a ransomware group of planning an attack against Kaseya.
Meanwhile, entities linked to Russian special services stopped most of Ukraine’s public internet infrastructure.
Despite numerous law enforcement measures, the ransomware ecosystem continues to flourish, partly due to Russia’s cybercriminal population. Cisco Talos Director of Intelligence and Threat Response Matt Olney said:
“While we are still evaluating the full impact of these arrests, we appreciate the Russian government for its steps against the REvil ransomware criminal cell. We cannot allow cybercriminals and groups to function freely. So any consequence that reduces their powers is unquestionably a good thing.”