Cybersecurity: the REvil hacker group put out of action


The Russian authorities, in cooperation with the American administration, carried out operations against the last members of the REvil group. The organization is reportedly out of action for good.

Endgame for REvil? The cybercriminal group, which has made itself known on numerous occasions in recent years through large-scale attacks against American companies, has reportedly been dismantled entirely. The Russian security service (FSB) carried out searches at 25 addresses and at the places of residence of 14 members of the criminal organization. In the purest Soviet tradition, the FSB circulated videos of these very early-morning arrests.

These operations, carried out in Moscow and Saint Petersburg as well as in several regions, made it possible to seize more than 426 million rubles (4.87 million euros), including in cryptocurrencies, as well as $600,000 and €500,000. Computer equipment, crypto wallets used to commit crimes, and 20 luxury vehicles are also part of the haul.

“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized,” the FSB said in a press release. “Representatives of the relevant US authorities have been informed of the results of the operation.”

More than 1,500 companies affected

Pressure on REvil, and on the Russian authorities to cooperate, intensified in July 2021, after responsibility was claimed for the cyberattack against the company Kaseya. Joe Biden then spoke with Vladimir Putin, urging him to act against cyberattacks carried out from Russia. Last October, the President of the United States also expressed the wish to join 30 NATO and G7 member countries in taking joint measures against ransomware.

The REvil ransomware first appeared in 2019, and the cybercriminals operating it have earned a solid reputation through large-scale attacks. In addition to Kaseya, REvil is behind the Colonial Pipeline cyberattack in May 2021, as well as the one against the agri-food group JBS. It is estimated that more than 1,500 companies have been affected by the malware.




