REvil: Russia announces arrests for ransomware group


Another setback for REvil. But this time around, the arrests have taken place in Russia: Russian intelligence today announced the arrest of several individuals accused of being members of the REvil ransomware group, as well as the dismantling of the infrastructure used by the group for its attacks.

In a press release, the Federal Security Service of the Russian Federation (FSB) announced that it had carried out an operation which enabled it to identify the members of the cybercriminal group and to conduct several searches at residences of the group's members. According to the FSB, these searches led to the seizure of large sums of money: 426 million Russian rubles, 600,000 dollars and 500,000 euros in cash, as well as several computers, cars and electronic wallets used to store cryptocurrencies.

Russian authorities do not give the exact number of people arrested, but indicate that the suspects are accused of payment fraud.

The group had been keeping a low profile since November

The FSB press release notes that this action follows the accusations brought by the American justice system, which had identified several members of the REvil group and accused them of several ransomware attacks.

In November 2021, the American justice system revealed indictments against a Ukrainian citizen and a Russian citizen, accused of being behind attacks attributed to the REvil/Sodinokibi group. The Ukrainian citizen was arrested by law enforcement, while the Russian citizen was not apprehended. Europol had also announced the arrest of seven suspects linked to the REvil/Sodinokibi and GandCrab groups on the same date.

A few days before the arrests, a government coalition had already undertaken to dismantle the infrastructure used by the group for its operations. Since that date, the cybercriminal group had kept a low profile, but the members of the group residing in Russia had not been troubled.

A particularly prolific ransomware group

The REvil/Sodinokibi group is one of the most active ransomware groups of the last two years.

It is credited in particular with the attacks that targeted the American managed service provider Kaseya, as well as the ransomware attacks that paralyzed the agrifood giant JBS and the attack that targeted the French group Pierre Fabre in April 2021.




