Posted on January 17, 2022 at 6:55 AM
The infamous REvil ransomware gang has been taken down by Russian authorities. According to the report, the Russian authorities raided and arrested over a dozen of the group’s members.
The Russian domestic intelligence service (FSB) confirmed that the raid took place at 25 addresses across the St. Petersburg, Moscow, Lipetsk, and Leningrad regions belonging to 14 alleged REvil members. After the raid, the intelligence service said it informed American authorities about the operation, per their agreement.
More Than $7 Million Was Seized From The Gang
The FSB said it decided to neutralize the REvil ransomware group in response to an appeal by the U.S. authorities to stop the damage the group was causing on U.S. soil and in other regions.
The Russian authorities also noted that they seized about 426 million Rubles, 500,000 euros, and $600,000 from the homes of the members, which is roughly $7 million in total.
Apart from physical cash, the FSB also confiscated other items, including 20 luxury cars the group had bought with money from its fraudulent activities. They also seized cryptocurrency wallets and computers from the homes of the REvil members.
The authorities revealed that they were able to identify some of the members of the REvil ransomware gang, document their activities, and get verifiable proof that they were involved in “illegal circulation of means of payment.”
This action comes barely two months after the Ukrainian national responsible for the Kaseya attack was arrested by the U.S. authorities.
In the raid, the U.S. authorities seized over $6 million belonging to another REvil member who had carried out more than 3,000 attacks across different regions.
The FSB added that the infrastructure the cybercriminals used to carry out their attacks has been neutralized.
REvil Has Been Very Effective Over The Years
The REvil ransomware gang has been one of the most notorious threat actors in recent years. According to a CRN analysis, REvil and its affiliates were responsible for four of the ten largest ransomware attacks in 2021. The group’s reach and impact are far greater than those of any other group.
REvil was also responsible for the largest heist last year, when the gang exploited a vulnerability in Kaseya’s VSA remote monitoring tool, demanding ransom payments from more than 1,500 clients.
In March last year, the group admitted that it had infiltrated the network of PC giant Acer and stolen unencrypted data. The group posted details of its loot, including Acer’s bank communications, bank balances, and financial spreadsheets, on its leak site. REvil demanded a ransom payment from Acer, threatening to expose the files to the public otherwise.
The Group Has Expanded Its Affiliates Over The Years
Three months later, the notorious group was at it again, this time infiltrating the servers of JBS. The group forced the company to pay $11 million in ransom after it temporarily shut down plants that processed about 20% of the nation’s entire meat supply.
However, law enforcement agencies swung into action and confiscated most of the systems the group used in its operations. The agencies took control of most of the gang’s machines, preventing it from launching attacks on other victims for a while.
The REvil ransomware gang was discovered in 2019 when one of its affiliates attacked Texas-based TSM Consulting. At the time, the group centered its activities around managed service providers and concentrated its attacks on specific areas. But the group grew stronger and larger, adding more affiliates and launching attacks on critical infrastructure.
Experts Say The REvil Group Has Not Been Completely Neutralized
Although the FSB didn’t mention the names of the members arrested, a Moscow court named two of the suspects – Andrei Bessonov and Roman Muromsky – who were both placed in custody until March.
In November last year, the US Attorney General, Merrick Garland, announced charges against two REvil members. He said that the attacks carried out by the group had cost computer users worldwide no less than $200 million in ransom payments.
However, while the Russian government said it was responsible for neutralizing the REvil ransomware gang, some cybersecurity experts say the group itself dismantled its operations last year. The experts added that the recent arrests do not signal the elimination of the broader REvil group, which is now operating under different affiliates across the world.