
Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks


In an unprecedented move, Russia’s Federal Security Service
(FSB), the country’s principal security agency, on Friday disclosed
that it arrested several members belonging to the notorious REvil
ransomware gang and neutralized its operations.

The surprise operation, which it said was carried out at the
request of the U.S. authorities, saw the law enforcement agency
conduct raids at 25 addresses in the cities of Moscow and St.
Petersburg and in the Moscow, Leningrad and Lipetsk regions that
belonged to 14 suspected members of the organized cybercrime
syndicate.

“In order to implement the criminal plan, these persons
developed malicious software, organized the theft of funds from the
bank accounts of foreign citizens and their cashing, including
through the purchase of expensive goods on the Internet,” the FSB
said[1] in a statement.


In addition, the FSB seized over 426 million rubles, including
in cryptocurrency, $600,000, €500,000, as well as computer
equipment, crypto wallets used to commit crimes, and 20 luxury cars
that were purchased with money obtained by illicit means.

One of the most active ransomware crews last year, REvil took
responsibility for high-profile attacks against JBS[2]
and Kaseya[3], among a string of
several others. The U.S. government told Reuters[4]
that one of the arrested individuals was also behind the ransomware
attack on Colonial Pipeline[5]
in May 2021, once again confirming REvil’s connections to another
group called DarkSide.


The group formally closed shop in October 2021 after the U.S. intervened[6]
to take its network of dark web servers offline. The next month,
Romanian law enforcement authorities announced[7]
the arrest of two individuals for their roles as affiliates of the
REvil ransomware family, even as the U.S. charged[8]
a 22-year-old Ukrainian citizen linked to the ransomware gang for
orchestrating the Kaseya ransomware attack.

All those detained have been charged with “illegal circulation
of means of payment,” a criminal offense punishable by up to six
years in prison. The suspects weren’t named, but Reuters noted that
a Moscow court identified two of the men as Roman Muromsky and
Andrei Bessonov.


The crackdown also comes as threat actors likely affiliated with
Russian secret services crippled much of the Ukrainian government’s
public-facing digital infrastructure, in addition to defacing some
of them with messages that alleged people’s personal data had been
made public and that the information stored in the servers was
being destroyed.

It remains to be seen what impact the arrests will have on the larger
ransomware ecosystem, which has by and large continued to flourish[9]
despite a number of law enforcement actions, partly driven by
Russia’s willingness to look the other way when it comes to
harboring cybercriminals in the country, effectively allowing the
bad actors to operate with impunity.

“While we are still looking to understand the true impact of
these arrests, we applaud the Russian government for the actions it
took today with regard to the REvil criminal ransomware group,”
Matt Olney, director of threat intelligence and interdiction at
Cisco Talos, said. “It’s important that criminal cyber actors and
organizations not be allowed to operate with impunity. And so any
result that leads to degrading of their capabilities is undoubtedly
a good thing.”

References

  1. said (www.fsb.ru)
  2. JBS (thehackernews.com)
  3. Kaseya (thehackernews.com)
  4. Reuters (www.reuters.com)
  5. Colonial Pipeline (thehackernews.com)
  6. the U.S. intervened (thehackernews.com)
  7. announced (thehackernews.com)
  8. charged (thehackernews.com)
  9. continued to flourish (thehackernews.com)
