The Federal Security Service (FSB) of the Russian Federation says it has shut down the REvil ransomware gang after US authorities provided information on the group's leader.

More than a dozen members of the gang have been arrested after police raids at 25 addresses, the Russian security agency said in a press release today.

“The basis of the search activities was the appeal of the relevant US authorities, which reported on the leader of the criminal community and his involvement in intrusion into the information resources of foreign high-tech companies by injecting malware, encrypting information and extorting money for its decryption.” – Russia’s Federal Security Service

Russian authorities have arrested 14 people suspected of being part of the ransomware-as-a-service (RaaS) operation REvil and confiscated cash in several currencies:

  • more than 426 million rubles (about 5.5 million US dollars)
  • $600,000
  • 500,000 euros (approx. $570,000)

Russian authorities also seized 20 luxury cars purchased with the proceeds of cyberattacks, along with computer equipment and cryptocurrency wallets used to develop and maintain the RaaS operation.

Footage from the raids shows officers arresting suspects and confiscating money and electronics.

The raids took place at addresses in the Moscow, St. Petersburg, Leningrad and Lipetsk regions.

The FSB says it identified all members of the REvil gang, documented their illegal activities, and established their involvement in the “illegal circulation of means of payment”.

Aside from creating the file-encrypting malware and deploying it in corporate networks around the world, REvil members were also involved in stealing money from the bank accounts of foreign citizens.

“As a result of the joint actions of the FSB and the Ministry of Interior of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized,” according to the Federal Security Service of Russia.

The FSB said it had informed representatives of the relevant US authorities of the results of the operation.

REvil ransomware is crumbling

REvil ransomware (also known as Sodin and Sodinokibi) emerged in April 2019, filling the void left behind when the GandCrab operation shut down.

In less than a year the gang became the most prolific ransomware group, demanding some of the largest ransoms seen from its victims. It rose to prominence in August 2019 when it hit several local governments in Texas and demanded a collective ransom of $2.5 million, the highest to date at the time.

Demanding huge sums from large organizations, and getting paid, soon became the norm. Within a year the gang claimed over $100 million in profits.

REvil’s most notorious hit was the supply-chain attack on Kaseya, which crippled around 1,500 companies worldwide. The ransom demanded for a decryptor covering all affected organizations was $70 million in bitcoin.

This attack prompted a stern response from the US, with President Biden calling on President Putin to act against cybercriminals operating from Russia, and warning that otherwise the US would act on its own.

The gang was also the first to have a public representative, initially posting under the forum handle UNKN and later as Unknown, who promoted the REvil RaaS program in the Russian-speaking cybercrime community.

This public representative disappeared shortly after the Kaseya attack (some believed Unknown had been arrested) as pressure from international law enforcement agencies mounted.

After the Kaseya attack the REvil operation went dark, resuming roughly two months later. What the operators did not know was that law enforcement had compromised their servers before the shutdown, so when they restored the systems from backups they also restored the machines that law enforcement controlled: a backup taken after an intrusion preserves the intruder's foothold along with everything else.

The FSB’s action against REvil comes after US and international law enforcement agencies joined forces to identify and arrest members of ransomware operations.

In November 2021 the US announced that it had arrested a REvil affiliate responsible for the Kaseya attack (Ukrainian national Yaroslav Vasinskyi) and seized over $6 million from another REvil affiliate (Russian national Yevgeniy Polyanin), who is believed to have carried out about 3,000 ransomware attacks.

That same month, authorities in Romania arrested two REvil affiliates responsible for 5,000 attacks that netted them €500,000 in ransom payments.

Update [January 14, 2022, 13:26 EST]: Added background information about the REvil ransomware gang and the arrests of its affiliates.
