Russian Authorities Arrest the Culprits of the REvil Ransomware Attacks

Key Takeaways:

  • The Russian internal intelligence service (FSB) reported that 14 alleged members of REvil were raided at 25 residences across Moscow, St Petersburg, Leningrad, and Lipetsk.
  • Russian authorities seized $5.5 million in rubles, $600,000 in US currency, and 500,000 Euros from the houses of the REvil leaders.
  • REvil was involved in the theft of MacBook Pro design files from an Apple supplier last year.

The notorious REvil ransomware operation has been “neutralised” after Russian officials stormed the gang’s headquarters and detained more than a dozen members.

The Russian internal intelligence service (FSB) reported on Friday that 14 alleged members of REvil were raided at 25 residences spanning Moscow, St. Petersburg, Leningrad, and Lipetsk. The search was initiated by a report from the US government on REvil’s leader, and according to the FSB, American officials were informed of the operation’s results.

“The basis for the search activities was the appeal of the competent US authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption,” the FSB announced Friday.

Russian authorities said they seized more than 426 million Rubles ($5.5 million), $600,000 in US money, and 500,000 Euros ($570,000) from the houses of the REvil leaders. According to the FSB, they also seized 20 expensive cars acquired with money obtained through cybercrime, as well as computer equipment and cryptocurrency wallets used in ransomware attacks.

The FSB claimed it was able to track down members of the REvil organisation, document their illicit operations, and prove their involvement in “illegal payment circulation.” The Russian raid comes just two months after US officials reported the arrest of the Ukrainian national responsible for the Kaseya attack and the seizure of more than $6 million from another REvil member engaged in 3,000 attacks.

“The organised criminal community ceased to exist as a consequence of the joint activities of the FSB and the Russian Ministry of Internal Affairs,” the FSB said in a statement. “The information infrastructure used for illegal purposes was neutralised.”

And in June, JBS paid $11 million to the REvil ransomware operators who temporarily knocked out plants that process roughly one-fifth of the nation’s meat supply, the company’s chief executive said. But by the time REvil resumed operations months after the Kaseya attack, law enforcement had breached the group’s servers and was able to control some of the ransomware gang’s machines.

REvil burst onto the scene in summer 2019 when one of its affiliates went after TSM Consulting, a small MSP providing products and services to 22 Texas towns and counties, which were then subjected to a devastating ransomware attack. The REvil affiliate that focused on managed service providers often targeted MSPs whose client base was highly concentrated in a specific sector, such as nursing homes or dentist offices.

REvil acquired product blueprints from Apple supplier Quanta Computer in April, placed technical files on their leak site, and threatened to disclose the files unless Apple paid a ransom, according to reports.

Shambhavi Soni