Russia claims to have shut down REvil ransomware group
The arrests might be the final nail in the coffin for one of the most notorious ransomware gangs of 2021.
The Russian domestic intelligence service, the FSB, detained 14 people and seized 426 million roubles, $600,000, 500,000 euros, computer equipment, 20 luxury cars, and other assets.
The FSB claims to have made the arrests at US request, a rare case of bilateral cooperation between the two countries. It was no secret that REvil and the group's affiliates led lavish lifestyles in Russia.
REvil affiliates are suspected to be behind some of the most notorious recent ransomware attacks where threat actors penetrated the Colonial Pipeline, meat supplier JBS, and software company Kaseya.
The group members have been charged and could face up to seven years in prison, the FSB said.
On Saturday, a Moscow court remanded in custody for two months six more suspected members of the ransomware crime group REvil over illegal trafficking of funds, a day after Russia claimed it had dismantled the group at the request of the United States.
According to Reuters, a senior administration official said the US welcomed the arrests, adding, "we understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring."
Last November, the US Treasury offered a bounty for information on REvil members. The reward of up to $10 million is offered for information leading to the identification or location of Sodinokibi/REvil leadership.
The arrests came to light hours after Ukraine suffered a cyberattack linked to Belarusian hackers affiliated with state intelligence. Belarus is a close military ally of Russia.
Cyberattacks are increasing in scale, sophistication, and scope. The last 18 months were rife with major high-profile cyberattacks, such as the SolarWinds hack and the attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya.
Pundits talk of a ransomware gold rush, with the number of attacks increasing by over 90% in the first half of 2021 alone.
The prevalence of ransomware has forced governments to take multilateral action against the threat. It is likely that a combined effort made it possible to push the infamous REvil and BlackMatter cartels offline and to arrest members of the Cl0p ransomware cartel.
Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.