Russia's Federal Security Service said that 14 people were arrested and millions in currency were seized.
More than a dozen members of the REvil ransomware group have been arrested courtesy of the Russian government. On Friday, the Federal Security Service of the Russian Federation announced a joint effort between it and the Ministry of Internal Affairs of Russia that led to the arrest of 14 people associated with the infamous cybercrime group.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
Some 25 residential addresses were searched, with not only the 14 people arrested but several assets seized, including more than 426 million rubles, €500,000, $600,000 in U.S. dollars, crypto wallets, computer equipment and 20 luxury cars bought with money obtained from the group's crimes.
The arrested individuals were charged with committing crimes nether Part 2 of Article 187 "Illegal circulation of means of payment" of the Criminal Code of Russia.
The operation was conducted at the request of U.S. authorities, according to the FSB, which added that the U.S. was informed of the outcome. "The investigative measures were based on a request from the … United States," the FSB said, according to Reuters. "The organized criminal association has ceased to exist, and the information infrastructure used for criminal purposes was neutralized."
As ransomware attacks have grown more common and more destructive over the past couple of years, REvil became infamous as one of the major culprits. The group brought undue attention to itself last year following its attack against enterprise IT firm Kaseya, an incident that affected more than 1,000 organizations across the firm's supply chain. Another attack against food processing company JBS Foods further brought REvil into the spotlight.
The group was reportedly taken down last October by a multi-nation operation in which law enforcement officials and cyber specialists hacked into REvil's computer network infrastructure, taking control of some of its infrastructure. Since then, group members have been flying under the radar but clearly were still at large.
The Biden administration has been pressuring Russia to take ransomware and its perpetrators seriously, particularly amid allegations that groups like REvil have operated with at least the tacit support of the former Soviet Union. Friday's operation also came in the midst of tension between the U.S. and the Kremlin over fears that Russia has been planning a new invasion of Ukraine.
Referring to the FSB's remark that the operation was carried out at the request of the U.S. government, Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, said that this may represent a backhanded message indicating that Russia can be used to stop ransomware activity, but only under certain circumstances.
SEE: Ransomware attack: Why a small business paid the $150,000 ransom (TechRepublic)
"It's likely that the arrests against REvil members were politically motivated, with Russia looking to use the case as leverage," Morgan said. "It could be debated that this may relate to sanctions against Russia recently proposed in the U.S., or the developing situation on Ukraine's border. The fact that the FSB targeted REvil, who have not been publicly active in conducting attacks since October 2021, is also significant. Chatter on Russian cybercriminal forums identified this sentiment, suggesting that REvil were 'pawns in a big political game,' while another user suggested that Russia made the arrests 'on purpose' so that the United States would 'calm down.'"
The FSB might have also raided REvil knowing that the group was a high-priority target for the U.S. but that the arrests would have little impact on the current ransomware landscape, Morgan added. The operation may have even been staged as a warning to other ransomware gangs to be mindful of whom they target lest they invite undue attention to themselves.
The question now is whether these arrests mean that REvil is truly down for the count.
"Regarding REvil, the criminal group has seen a few iterations and probably their fair share of internal attrition since inception," said Neal Dennis, threat intel specialist at Cyware. "They've weathered digital attacks and take-downs but always seemed to bounce back. Why? Because digital actions are nothing without arrests of key members of the gang. That being said, REvil is not the first Russian cyber unit to be wiped out by Russian authorities and won't be the last. In the past, when a group gets as large and prolific as this on the global stage, Russia eventually steps in."