Russia Stops REvil

Russia Stops REvil

Russia Stops REvil

Russia says it has ended the criminal activities of the REvil ransomware gang and placed its members under arrest. 

In an action coordinated by the Federal Security Service of the Russian Federation (FSB) in cooperation with the Investigation Department of the Ministry of Internal Affairs of Russia in the cities of Moscow, St. Petersburg, and Lipetsk, searches were executed at residential addresses associated with 14 gang members.

During the operation, Russian authorities seized computer equipment, money, and vehicles purchased with the proceeds of crime. 

statement issued today by the Federal Security Service of the Russian Federation (FSB) stated that “funds were seized at 25 addresses at the places of residence of 14 members of the organized criminal community: over 426 million rubles, including in cryptocurrency, 600 thousand US dollars, 500 thousand euros, as well as computer equipment, crypto wallets used to commit crimes, 20 premium cars purchased with money obtained from crime.”

The FSB said members of the ransomware gang had been detained and charged with the illegal circulation of means of payment.

“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized,” reads the statement.

Russia said this blow against REvil was dealt in answer to an appeal by the United States, and that US authorities had been “informed about the results of the operation.”

The arrests came after unknown hackers targeted Ukrainian government websites early Friday, blocking access and warning internet users to “expect the worst.”

Former US marine and threat intel specialist at Cyware Neal Dennis commented: “When a group gets as large and prolific as this on the global stage, Russia eventually steps in.

“I don’t think this comes exclusively because the US asked Russia to carry out the operation.”

Chris Morgan, senior cyber-threat intelligence analyst at Digital Shadows, said Russia’s actions could be an attempt to diffuse territorial tensions between Russia and the West.  

“It’s likely that the arrests against REvil members were politically motivated, with Russia looking to use the event as leverage,” said Morgan. 

“It could be debated that this may relate to sanctions against Russia recently proposed in the US, or the developing situation on Ukraine’s border.”