Russia announces that it has dismantled the cybercriminal group REvil

The Russian internal security service said it acted at the request of US authorities. The operation comes at an opportune moment, amid strong tensions around Ukraine.

The art of bringing the tension down a bit? With Western countries accusing the Kremlin of planning a new invasion of Ukraine and talks between Washington and Moscow particularly heated, Russia’s internal security service, the FSB, announced on Friday that it had dismantled the cybercriminal group REvil, and that it had done so at the request of the American authorities. According to the FSB, searches targeted 14 people and 25 addresses in five regions of the country, including Moscow and Saint Petersburg, and led to the seizure of the equivalent of 426 million rubles (4.9 million euros), including cryptocurrency wallets, as well as twenty luxury cars.

The Russian authorities also announced several arrests and indictments, without specifying the number. REvil is a leading operator of ransomware, malware that encrypts the data of its victims and demands payment to unlock it.

At the heart of bilateral dialogue

An announcement that needs “to be placed in the context of the Russian-American negotiations” around Ukraine, therefore, but also in the bilateral dialogue between the two powers, points out Julien Nocetti, associate researcher at the French Institute of International Relations and at the Geode center. The cyber question had indeed been at the heart of the meeting, in June in Geneva, between Vladimir Putin and Joe Biden, with Washington increasingly accusing Moscow of initiating computer attacks or of letting their authors operate from Russian territory.

In this context, the announcement of the dismantling of REvil is a way for Russia to “give pledges” on this ground, continues Julien Nocetti. Appearing in 2019, the ransomware was used in particular against the American subsidiary of the Brazilian meat giant JBS; its designers also claimed responsibility in July for a so-called “supply chain” attack against the IT solutions provider Kaseya, which ultimately affected hundreds of companies. Long suspected of operating from Russia, REvil was clearly in the sights of the American authorities, and had also suffered a first major setback in November with the arrest of seven people in several countries.

“Master the beat”

“Russia is always trying to control the diplomatic tempo, including by letting go of ballast”, emphasizes Julien Nocetti. The FSB’s announcement also comes as several Ukrainian government sites suffered, overnight from Thursday to Friday, a cyberattack that the country’s authorities describe as “massive” while affirming that it did not lead to any leak of personal data or modification of the content of the websites concerned, apart from the replacement of their home page.

According to the Ukrainian computer incident response center, the perpetrators could have taken advantage of a flaw in the content management system used by these websites: a low-tech operation, therefore within the reach of very many actors. However, in the context of very strong tensions between Ukraine and Russia, and in view of the precedents of past years, all eyes quickly turned to Moscow. In any case, the announcement of the operation against REvil comes at the right time.
