Russia arrests REvil ransomware gang members, seizes $6.6 million

The Federal Security Service (FSB) of the Russian Federation says it has shut down the REvil ransomware gang after U.S. authorities reported on its leader.

More than a dozen members of the gang have been arrested following police raids at 25 addresses, the Russian security agency says in a press release today.

“The basis for the search activities was the appeal of the competent US authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption” – Russia’s Federal Security Service

Russian authorities have arrested 14 people believed to be part of the REvil ransomware-as-a-service (RaaS) operation and seized cryptocurrency and fiat money as follows:

  • more than 426 million rubles (about $5.5 million)
  • 600 thousand U.S. dollars
  • 500 thousand euros (about $570,000)

Russian authorities also seized 20 luxury cars bought with money obtained from cyberattacks, as well as computer equipment and cryptocurrency wallets used to create and maintain the RaaS operation.

Footage from the raids, available below, shows how police officers arrested the suspects and seized cash and electronic devices:

The raids took place at addresses in the Moscow, St. Petersburg, Leningrad, and Lipetsk regions.

The FSB says it was able to identify all members of the REvil gang, document their illegal activities, and establish their involvement in “illegal circulation of means of payment.”

Apart from creating the file-encrypting malware and deploying it on enterprise networks around the world, REvil members were also involved in stealing money from the bank accounts of foreign citizens.

“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized” – Russia’s Federal Security Service

The FSB says that it notified the representatives of the competent U.S. authorities about the results of the operation.

REvil ransomware falls apart

REvil ransomware (also known as Sodin and Sodinokibi) emerged in April 2019 from the void left by the shutdown of the GandCrab operation.

In less than a year, the gang became one of the most prolific ransomware groups, demanding some of the largest ransoms from its victims. It rose to notoriety in August 2019 when it hit multiple local governments in Texas and demanded a collective ransom of $2.5 million – the largest to that date.

Soon, demanding large sums of money from big companies and getting paid became the norm. In a year, the gang claimed profits in excess of $100 million.

REvil’s most publicized hit was the Kaseya supply-chain attack that paralyzed around 1,500 businesses around the world. The ransom demanded to decrypt all companies was $70 million in Bitcoin.

This attack prompted a strong response from the U.S., with President Biden asking President Putin to take action against cybercriminals living in Russia; otherwise, the U.S. would take action on its own.

The gang was also the first to have a representative, going by the forum name UNKN at first and later switching to Unknown, who promoted the REvil RaaS business in the Russian-speaking criminal hacker community.

This public-facing representative disappeared shortly after the Kaseya attack (some assumed Unknown had been arrested) as pressure from international law enforcement increased.

After the Kaseya attack, the REvil operation paused and then resumed two months later. What the operators did not know was that law enforcement had breached their servers before the hiatus, and when they restored the systems from backups the criminals also restored machines controlled by law enforcement.

The FSB’s action against REvil follows the U.S. and international law enforcement agencies joining forces to identify and arrest members of ransomware operations.

As a result, the U.S. announced in November 2021 that it had arrested a REvil ransomware affiliate (Ukrainian national Yaroslav Vasinskyi) responsible for the Kaseya attack and seized over $6 million from another REvil partner (Russian national Yevgeniy Polyanin), believed to have launched about 3,000 ransomware attacks.

The same month, authorities in Romania arrested two REvil ransomware affiliates responsible for 5,000 attacks that brought them EUR 500,000 in collected ransoms.

Update [January 14, 2022, 13:26 EST]: Added background details about the REvil ransomware gang and the arrests of its affiliates.
