Written by Joe Warminsky
The Russian government said Friday it searched multiple addresses linked to members of the REvil ransomware gang, making arrests and seizing cash, cryptocurrency, computers and cars.
The Federal Security Service (FSB) said it carried out the searches at locations in Moscow, St. Petersburg and elsewhere. The operation was at the request of the United States, the FSB said. The FBI did not immediately respond to requests for comment Friday morning.
“Representatives of the relevant US authorities have been briefed on the results of the operation,” the FSB said, according to a translation of its press release.
A senior Biden administration official said “we understand” that one of those arrested was responsible for the Colonial Pipeline ransomware attack that sparked a fuel panic on the East Coast last year, an attack previously attributed to another Russian ransomware gang, DarkSide. DarkSide has sometimes been linked to REvil.
The US has reportedly passed to Russia the names of hackers within Russia's borders who are behind active attacks on America, in the hope that this would lead to a Russian crackdown. Russian President Vladimir Putin said last summer that his country had agreed to start “consultation” on cybersecurity with the US but did not share details.
The arrests have raised suspicions about Russia’s motives among Kremlin and cybersecurity experts, amid reports Russia is considering an invasion of Ukraine and the US has threatened sanctions in retaliation.
The Russian state news agency TASS posted a video on YouTube allegedly about the arrests. It also identified two arrested suspects as Roman Muromsky and Andrei Bessonov.
REvil, one of the most aggressive and successful Russia-based cybercrime groups, has been under pressure from global law enforcement agencies as well as the US Cyber Command, which helped shut down many of the gang’s digital operations over the past year.
The gang claimed responsibility for a major attack on Florida-based IT company Kaseya in July 2021. The company estimated that up to 1,500 of its customers were affected by the incident. Among the victims are New Zealand schools, an international textile company, a Swedish grocery chain and two cities in Maryland.
According to the FBI, the group generated roughly $200 million in ransom payments between April 2019 and June 2021.
The FSB said on Friday it had seized 426 million rubles, “including in cryptocurrency,” as well as $600,000 and 500,000 euros. Also seized: “20 premium cars,” a favorite item among Russian cybercriminals.
Yaroslav Vasinskyi, the man accused of writing the REvil ransomware – also known as Sodinokibi – was arrested in Poland on October 8 at the behest of US authorities. A senior White House official declined to say in November whether Russia helped in this arrest.
Reuters quoted unnamed officials as saying that a suspect with Russian citizenship is unlikely to be handed over to the United States.
The arrests coincide with Ukraine reporting cyberattacks on several of its government agencies amid rising security tensions with Russia.
“REvil may have hit targets in Russia, leading to today’s breakup of the ransomware gang,” speculated Tom Kellerman, head of cybersecurity strategy at VMware. “I believe that those arrested are not senior leadership and that REvil is simply being subjected to show trials. Furthermore, today’s systemic cyber attack is likely a precursor to a Russian invasion of Ukraine. They prepare the battlefield.”
The senior government official praised Russia for the arrests without commenting on its motives.
“We welcome reports that the Kremlin is taking law enforcement action to deal with ransomware emanating from its borders,” the official said. “These are very important steps that show the Kremlin is taking action against criminals operating within its borders and represent what we are looking for in terms of further activity like this in the future.”
The official also said he expects Russia to handle the arrests through its own law enforcement system, a situation that has raised some doubts as to whether the culprits will really be brought to justice. The US and Russia do not have an extradition treaty.
Updated 01/14/22: Added details on the arrests, comment from a senior administration official, and comment from Kellerman.