REvil Ransomware Gang Shut Down in Russian Raid
In other security news this week …
The Federal Security Service (FSB) of the Russian Federation says it shut down the REvil ransomware gang.
More than a dozen members of the gang have been arrested following police raids at 25 addresses, according to a Russian security agency press release.
The agency seized over 426 million rubles ($5.6 million), $600,000 in cryptocurrency, 500,000 euros, computer equipment, crypto wallets used to commit crimes, and 20 luxury cars purchased with money obtained from crimes.
The FSB serves as Russia’s internal intelligence agency. It conducted the operation at the request of U.S. authorities, who have been notified of the results.
REvil was behind the ransomware attacks on Kaseya, Colonial Pipeline and meat supplier JBS USA last year.
Joseph Carson is chief security scientist and advisory CISO at ThycoticCentrify.
“REvil are a well-known ransomware gang that has caused havoc for many organizations around the world so it is unsurprising that they would be a target,” he said. “Many hackers around the world are using their skills for good. And this includes government hackers who work vigorously to defend society from cybercrime. So targeting REvil will likely be a statement that governments will work together to stop cybercriminals at the source.”
Chris Morgan is senior cyber threat intelligence analyst at Digital Shadows.
“The fact that the FSB targeted REvil, who have not been publicly active in conducting attacks since October 2021, is also significant,” he said. “Chatter on Russian cybercriminal forums identified this sentiment, suggesting that REvil were ‘pawns in a big political game,’ while another user suggested that Russia made the arrests ‘on purpose’ so that the United States would ‘calm down.’ It’s possible that the FSB raided REvil knowing that the group were high on the priority list for the United States, while considering that their removal would have a small impact on the current ransomware landscape. These arrests could also have served a secondary purpose, as a warning to other ransomware groups. REvil made international news last year in its targeting of organizations such as JBS and Kaseya, which were high-profile and impactful attacks. A very public series of raids could be interpreted by some as a message to be mindful of their targeting.”