Russia’s FSB intelligence service said on Friday that it had targeted 14 members of the group with coordinated arrests at the request of authorities in the United States.
Biden has been demanding for months that his Russian counterpart
However, it comes as an olive branch at a time of high tension between Washington and Moscow, as Russia builds up troops near Ukraine and issues an ultimatum that
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com that the arrests will have ‘sent shockwaves through the cybercriminal underworld’ but questioned whether the move signaled a true commitment from Russia to cracking down on hacker gangs.
The FSB security service shared footage of a special operation to ‘neutralize the REvil hacker group’ as it announced 14 arrests on Friday
The FSB said it seized $5.5 million in rubles (above) in the raids, and more than $1 million in foreign currencies
‘Whether this signals Russia is getting serious about combating ransomware or whether REvil were simply considered a necessary sacrifice in the face of international pressure remains to be seen,’ said Callow.
REvil: The Russian ransomware gang behind US attacks
REvil, also known as Sodinokibi, is a group of hackers that recruits affiliates to distribute ransomware for them.
As part of the deal, REvil and the affiliates split any ransoms obtained using the group’s malware.
Short for ‘ransomware evil,’ REvil refers to both the group and its software.
Members are known to speak Russian, and the group operates with impunity from somewhere in Russia or Eastern Europe.
The group is behind several attacks on US businesses, including the JBS meat plant and Miami-based software firm Kaseya.
‘In either case, it will have sent shockwaves through the cybercriminal underworld, and those who formerly partnered with REvil will be especially concerned about the potential consequences,’ he added.
‘I’d chalk this up as a win. But how much of a win remains to be seen,’ said Callow.
REvil, also known as ‘Ransomware evil’, was responsible for the Memorial Day ransomware attack on the meat processor JBS and the supply-chain attack last July targeting the Miami-based software company Kaseya, which crippled well over 1,000 businesses globally.
The group’s ransomware code shares some similarities with DarkSide, the group behind the Colonial Pipeline attack last May, but experts doubt there are significant connections between the two gangs.
In July, Biden pleaded with Putin to take stronger action, saying he needed to rein in attacks from Russia-based groups and warned that the US had the right to defend its people and critical infrastructure from attacks.
The arrests on Friday were a rare apparent demonstration of collaboration between Russia and the United States, and they come at a time of high tensions between the two over Ukraine.
The announcement came even as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related.
A joint police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized including 426 million rubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.
Russian authorities show off American cash allegedly seized in the raids
The FSB also seized ‘computer equipment, crypto wallets used to commit crimes, and 20 premium cars purchased with proceeds from crime’.
Ransomware suspects were held in Moscow and St Petersburg, and the surrounding regions, and in Lipetsk region, the FSB said.
Russia said that ‘the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment was established’.
Russia had informed the United States directly of the moves it had taken against the group sought by Washington, the FSB said on its website.
The U.S. Embassy in Moscow said it could not immediately comment.
‘The investigative measures were based on a request from the… United States,’ the FSB said. ‘… The organized criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralized.’
The FSB shared footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian rubles.
The group members have been charged and could face up to seven years in prison.
A source familiar with the case told Interfax that the group’s members with Russian citizenship would not be handed over to the United States.
FSB agents are seen taking down a suspected REvil leader in raids this week
In July, President Biden urged Russian leader Vladimir Putin to take action against REvil
The United States said in November it was offering a reward of up to $10 million for information leading to the identification or location of anyone holding a key position in the REvil group.
The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals.
A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world’s biggest meat packing company, JBS SA.
Washington has repeatedly accused the Russian state in the past of malicious activity on the internet, which Moscow denies.
Russia’s announcement comes during a standoff between the United States and Russia. Moscow is demanding Western guarantees including that NATO will not expand further. It has also built up its troops near Ukraine.
In November, DailyMail.com tracked suspected REvil ringleader Yevgeniy Polyanin, 28, to a chic $380,000 (USD) home in Barnaul where he was seen driving his $74,000 Toyota Land Cruiser 200, evidently feeling untouchable.
Polyanin was named by the FBI as a REvil affiliate but it was unclear whether he was among the suspects rounded up in Friday’s arrests.
Polyanin was spotted by a DailyMail reporter entering his $74,000 Toyota Land Cruiser 200 in his well-appointed home in Barnaul, Siberia in November
Polyanin was living in a chic $380,000 home in Barnaul while he remains on the FBI’s Most Wanted list
REvil had claimed responsibility for a series of attacks on US businesses.
The unprecedented attack targeting the Miami-based software firm Kaseya, which was reported July 2, affected an estimated 1,500 businesses globally.
The Kaseya attack shut down a major Swedish supermarket chain and ricocheted around the world, impacting businesses in at least 17 countries, from pharmacies to gas stations, as well as dozens of New Zealand kindergartens.
Meanwhile, the attack on JBS saw America’s largest beef supplier end up paying an $11 million ransom in Bitcoin to the hackers who shut down its plants.
JBS learned of the attack early on May 30 after discovering ‘irregularities’ on its servers and a ransom note.
The hack threatened to disrupt meat supplies across the United States over Memorial Day weekend.