the infamous REvil ransomware operation was “neutralized” after Russian authorities searched and arrested more than a dozen members of the gang.

Russia’s domestic intelligence service, the FSB, announced on Friday that it had raided 25 addresses in the Moscow, St. Petersburg, Leningrad and Lipetsk regions belonging to 14 suspected REvil members. The searches were prompted by a US government report on the REvil leader, and the FSB said American authorities had been briefed on the results of the operation against REvil.

“The basis of the search activities was the appeal of the relevant US authorities, which reported on the leader of the criminal community and his involvement in intrusion into the information resources of foreign high-tech companies by injecting malware, encrypting information and extorting money for his decryption,” the FSB announced on Friday.

Russian authorities say they seized more than 426 million rubles (about $5.5 million), $600,000 in US currency and 500,000 euros (about $570,000) from the homes of REvil leaders. The FSB said it also seized 20 luxury cars bought with cybercrime proceeds, computer equipment, and cryptocurrency wallets used to run the ransomware operation.

The FSB said it was able to identify members of the REvil organization, document their illegal activities and establish members’ involvement in the “illegal circulation of funds”. The Russian raid comes two months after US authorities announced they had arrested the Ukrainian national responsible for the attack on Kaseya and seized more than $6 million from another REvil member involved in 3,000 attacks.

“As a result of the joint actions of the FSB and the Ministry of Interior of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized,” the FSB wrote in its announcement.

A CRN analysis found that REvil and its affiliates carried out four of the top ten ransomware attacks of 2021, more than any other ransomware operator. REvil was behind the biggest heist of the year when it exploited a flaw in Kaseya’s VSA remote monitoring and management tool to compromise nearly 60 MSPs, encrypt their data and demand ransom payments from up to 1,500 of their customers.

Back in March, REvil claimed it had broken into PC giant Acer and stolen unencrypted data, posting alleged images of Acer’s financial charts, bank balances and bank communications on its public leak site. In April, REvil stole product blueprints from Apple supplier Quanta Computer, posted technical files on its leak site, and threatened to release the files if Apple didn’t pay a ransom.

And in June, JBS paid $11 million to the REvil ransomware operators who had temporarily shut down plants that process about a fifth of the nation’s meat supply, the company’s chief executive said. But by the time REvil resumed operations months after the Kaseya attack, law enforcement had cracked the group’s servers and was able to control some of the ransomware gang’s machines.

REvil first appeared in the summer of 2019, when one of its affiliates targeted TSM Consulting, a small MSP providing products and services to 22 Texas cities and counties, which then faced a devastating ransomware attack. That REvil affiliate focused on managed service providers, often targeting MSPs whose customer base was concentrated in a specific sector, such as nursing homes or dental offices.
