The Russian state security service FSB arrested 14 suspected members of the ransomware group REvil in a coordinated series of raids on multiple locations on Friday, an operation apparently carried out after sustained lobbying and inquiries from US officials in recent months.

The FSB said the raids were carried out following “an appeal by the relevant US authorities, which reported on the leader of the criminal community and his involvement in encroaching on the information assets of foreign high-tech companies through malware injection, encryption of information and extortion of money for its decryption.” The service did not release the names of those arrested but said they had been charged with violating the country’s money laundering laws.

As part of the operation, authorities seized more than $600,000, €500,000, cryptocurrency, 20 vehicles and computer equipment. The confiscations of money and the charges of money laundering, not computer crimes, could indicate that the people arrested were only partners involved in the financial side of the deal and not the core developers of the ransomware or the people controlling the operation itself. Like many other ransomware companies, REvil leases its ransomware and infrastructure to affiliates under a ransomware-as-a-service model designed to reduce risk for operators while maximizing potential profits.

“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community was disbanded, the information infrastructure used for criminal purposes was neutralized. Representatives of the relevant US authorities have been briefed on the results of the operation,” the FSB said in a statement.

The arrests come at a time of heightened political tension, as potential economic sanctions against Russia are being discussed in the US, and they fell on the same day that a number of Ukrainian government websites were defaced. The operation against REvil, a group that has not been active for several months, could be more of a symbolic move than anything else, researchers said.

“I think it’s a combination of all those factors. There have been some negotiations with the US and Russia that may not have gone as well as they had hoped. It almost leads me to believe this was done on purpose to distract from the defacement attacks. It’s been a long time since Putin and Biden had these talks last summer,” said Chris Morgan, a senior cyber threat intelligence analyst at Digital Shadows.

“I almost wonder if they pursued REvil because it almost throws a scapegoat under the bus for not being active at the time. You are a big player, but not active. It could be a message to other groups that they need to be more careful about their alignment.”

The operation is a milestone in years of efforts by law enforcement, diplomats and other Western officials to persuade Russian authorities to take a meaningful step against the many ransomware gangs operating within the country’s borders. These efforts have largely failed so far for a number of reasons, including the fact that these ransomware groups meticulously avoid targeting organizations in Russia and mainly target companies in the West.

“They don’t do it out of the goodness of their hearts. Russia takes early steps to apply pressure later.”
