Russia arrests 14 alleged members of REvil ransomware gang



Russia’s domestic intelligence service announced a special operation against the notorious criminal ransomware group REvil on Friday. According to the Federal Security Service (FSB), Russian authorities raided 25 addresses, resulting in the arrest of 14 individuals and the seizure of more than $1 million worth of assets: 426 million rubles, $600,000, 500,000 euros, computer equipment, crypto wallets and 20 luxury cars.

FSB detains hackers spreading ransomware viruses
Russia, Jan. 14, 2022: An FSB officer checks the laptop of a detained hacker. At the request of the U.S., the FSB detained a group of hackers who distributed ransomware.

Video screen capture/FSB/TASS


The Russia-based REvil gang has waged a spate of high-profile attacks on major U.S. and international companies, including the July 4 attack on software company Kaseya and a May ransomware attack on JBS USA, the world’s largest meat processing company.

Last year, REvil reportedly demanded $50 million from Apple ahead of a product launch after hacking one of its suppliers, Quanta Computer. Affiliates of the criminal ransomware group have been linked to the May shutdown of Colonial Pipeline, the operator of the nation’s largest fuel pipeline.

The FSB’s announcement came as Ukraine scrambled to respond to a cyberattack that shut down its public-facing government websites, including the homepage of the Foreign Ministry, which briefly displayed a message warning Ukrainians to “be afraid and expect the worst.” Ukraine’s security service said Friday that “there are some indications of involvement [by] hacker groups associated with the Russian secret services.”

The FSB claimed those arrested Friday had “developed malicious software and organized the theft of funds from the bank accounts of foreign citizens and cashed them out, including by purchasing expensive goods on the Internet.”

“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal group ceased to exist,” the statement boasted.

The White House acknowledged Friday that one of the hackers arrested had been involved in the Colonial Pipeline incident.

“We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring,” a senior administration official told reporters in a briefing Friday. “We’re committed to seeing those conducting ransomware attacks against Americans brought to justice.”

The FSB also released footage showing agents raiding homes, tackling suspects to the floor, handcuffing individuals with blurred-out faces and sorting through stacks of Russian rubles.

Suspected REvil hacker Roman Muromsky, 33, has been detained following the raids, though it is unclear whether the former leader of the cybercriminal gang EvilCorp appears in the handout video.

Moscow’s Tverskoi District Court has placed Muromsky, a Russian national suspected of illegal trafficking in means of payment, in custody for two months.

“The court has granted the motion from the investigation to select two-month custody until March 13 as a measure of restraint for Roman Gennadyevich Muromsky,” court spokesperson Kseniya Rozina said Friday. The court has also jailed Andrei Bessonov, Russian news agencies reported Friday.

But Russia will not extradite to the U.S. those members of the REvil hacker group who hold Russian citizenship, a knowledgeable source told Interfax Friday.

“The law of the Russian Federation prohibits extradition of Russian citizens to a foreign state,” the source said, without specifying whether all of the detained hackers were Russian nationals.

In its statement, the FSB said Friday’s investigation came at “the request of competent US authorities,” who were later “informed about the results of the operation.”

The U.S.-Russia collaboration marks a bright spot in an otherwise tense moment for the two nations, following a week of failed diplomatic efforts to curb Russia’s military buildup on the Ukrainian border. As Ukraine’s communications intelligence service responds to the cyberattacks targeting as many as 70 of its websites, U.S. and Ukrainian officials tell CBS News that the Kremlin is actively preparing the battlefield by using information warfare.

“These arrests are another example of the many actions taken by the United States to curb the multifaceted extortion crisis. Threat actors are reevaluating whether they should continue their criminal activities in light of the arrests and indictments,” Charles Carmakal, SVP and CTO of Mandiant, told CBS News.

“However, the timing is strange here,” Ken Westin, Director of Security Strategy for Cybereason, cautioned in an interview with CBS News. The Russian-led raids “could be a smokescreen or red herring.”

“Taking down a ransomware leader is like cutting the head off a hydra,” Westin added. “New leaders will step in to fill the void. The relationship between ransomware gangs and Russian APT groups is well known, and the real actors behind these groups will continue to operate with impunity.”

On Thursday, prior to public reports of the Russian-led REvil operation, U.S. Secret Service cyber chief Jeremy Sheridan told the Washington Post that ransomware criminal actors often mature, evolve or modify, reappearing under different facades.

“With these small groups working with illicit exchanges, there’s an expression that a colleague of mine uses,” Sheridan said. “It’s the same 200 people chasing the same 200 people. There is certainly an influx of new actors in this space. But a lot of times what we see with a new variant or a new cyberattack, it’s the same developers who’ve just modified their technology to some degree.”

Last summer, the State Department offered a reward of up to $10 million for information leading to the identification or location of key REvil group leaders.

In November, Attorney General Merrick Garland announced the seizure of more than $6 million in cryptocurrency after REvil leader and Russian national Yevgeniy Igorevich Polyanin collected $13 million from ransomware victims. Polyanin, the suspected author of the REvil ransomware, has been charged with 14 counts of conspiracy to commit fraud, intentional damage to a protected computer, and money laundering.

CBS News has reached out to the Department of Justice, the FBI and the National Security Council for comment.

Margaret Brennan, Arden Farhi, Dan Patterson and Rob Legare contributed to this report.


