Russia says it has shut down the REvil ransomware gang, arrested several individuals and seized a total of about $7 million from the well-organized cybercrime operation that has plagued businesses in the U.S. and abroad for years.
In a press release, the FSB, Russia’s principal security agency, says it carried out the operation at the behest of the U.S.
A total of 14 members of the criminal operation were arrested after a raid on 25 addresses. Over 426 million rubles, $600,000, €500,000 and computer equipment ad cryptocurrency wallets used to carryout the crimes were seized, according to the FSB.
In addition, 20 luxury cars purchased with the proceeds of the ransomware operations were also taken by the FSB, the agency says. U.S. law enforcement was notified of the operation.
“The basis for the search activities was the appeal of the competent U.S. authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption,” reads the FSB’s statement, which was translated into English.
REvil is, of course, one of the more notorious ransomware gangs in history and was responsible for the July 4 weekend attack that leveraged the Kaseya VSA platform and the software provider’s network of managed service providers to deploy ransomware en masse.
The group has also been linked to DarkSide, the ransomware operation that led to the shut down of the Colonial Pipeline in the spring of 2021.
The group went dark for a short period after that attack, but had since resurfaced on dark web forums. However, the group has attracted the attention of law enforcement to warrant a significant crackdown of its operations.
That crackdown includes a November arrest by U.S. authorities of a Ukrainian and Russian national alleged to have conducted REvil ransomware attacks, including the one involving Kaseya. The U.S. also seized $6.1 million related to the ransomware operation.
According to Reuters, Russian television was airing footage of agents raiding homes, arresting people and seizing assets from the alleged operators.
Combatting Russia-based ransomware operators has been a priority of U.S. officials of late, with cybercrime the topic of high-level discussions between the country’s officials over the last year.
Cybersecurity firm Palo Alto Networks listed REvil as one of —if not the most—active ransomware groups these days, pulling in an average ransom payment of about $2.25 million over the first half of 2021.
The group helped popularize the double extortion tactic by which ransomware gangs threaten to release stolen information if the ransom isn’t paid.
An analysis of the group’s targets by security firm Trend Micro reveals that the overwhelming majority of REvil’s targets are based in the U.S., while it is thought that the group avoids targeting Russian-speaking countries and CIS states.