Russia Announces Takedown of REvil Ransomware Gang

The Federal Security Service of the Russian Federation (FSB) announced the takedown of the REvil ransomware gang this Friday, January 14. The agency, the equivalent of our general directorate of internal security but with broader missions, says in its press release that it has identified all the members of this feared cybercriminal group and “documented their illegal activities”.

The announcement was particularly awaited: ransomware, software that encrypts your data and then demands a ransom from you, has become one of the main computer threats in the world, and France is not immune to this scourge. “These people developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their collection, in particular through the purchase of expensive goods on the Internet,” the FSB specifies in its press release.

Fourteen arrests

In total, fourteen people were arrested as part of this police operation carried out with an investigative service of the Russian Ministry of the Interior and initiated at the request of the American judicial authorities. The arrests occurred in the areas of Moscow, Saint Petersburg and Lipetsk, a city about 400 kilometers southeast of the capital, after raids in 25 different places.

According to a Russian media outlet, following the revelations of a Telegram channel, one of the suspects is called Roman Muromsky, an engineer in his thirties; the RBC television channel reports that a judicial source confirmed this information. A few months ago, the German weekly Die Zeit also reported the identification by the German police of a Russian citizen with a secret identity suspected of being part of REvil.

In total, 426 million rubles (4.89 million euros), 600,000 dollars, 500,000 euros, cryptocurrency wallets and twenty luxury cars were seized during the Russian police operation. These are significant assets, but less than one might expect after an operation against one of the most active ransomware gangs of the moment.

Cybercrime SMEs

With its Sodinokibi ransomware, first detected in April 2019, REvil had become a thriving cybercrime SME. According to computer security specialists, it had a dozen developers in its ranks to refine its software. The gang, suspected of also developing the GandCrab ransomware, then sold access to its ransomware to cronies involved in numerous attacks, from France’s Pierre Fabre to Taiwanese computer manufacturer Acer.

But after several ransomware cyberattacks caused a stir this spring, from the case of the blocked Colonial Pipeline to the attack that targeted computer services company Kaseya, this criminal industry found itself in the American line of sight.

Joe Biden first put the issue of cybercrime on the agenda in a meeting with Vladimir Putin on July 9. The US president then asked his Russian counterpart to take the necessary steps, believing that many cybercriminals were based in Russia. Before that he warned that his country would take “all necessary measures to defend itself.”

That warning materialized in the fall against the REvil gang. The hackers were then the target of a spectacular hack carried out in particular, according to Reuters, by the FBI (the federal judicial police service) and Cyber Command (a military command). “The server has been compromised, they are looking for me”, a netizen, 0_neday, suspected of being part of REvil, posted on a cybercriminal forum, before immediately indicating that he was running away.

Seven arrests had already been made

A sign that the police vise was tightening around REvil, the latest arrests in Russia follow other recent arrests. In early November, the United States announced the arrest of a 22-year-old Ukrainian, Yaroslav Vasinskyi. He is suspected of involvement in the giant cyberattack against the Kaseya IT company, which resulted in a record $70 million ransom demand.

The United States had also indicated that it had seized $6.1 million corresponding to possible ransom payments. The US Justice Department eventually said it had identified another suspect, a 28-year-old Russian, Yevgeniy Polyanin. For its part, the European Criminal Police Agency had reported, on the same dates, the arrest of five people linked to the REvil gang.

Called Gold Dust, the police operation resulted more specifically in the arrest of two people in Romania (in particular at the request of France), three people in South Korea and a suspect in Kuwait. This now brings the total number of known arrests related to REvil to 21.

Magnitude to evaluate

While this multi-stage international roundup is impressive, the scope of its latest episode, the arrests in Russia, remains to be assessed. The FSB press release specifies that the prosecution is based on the second part of article 187 of the Russian criminal code. This text, which concerns the illegal circulation of means of payment, provides for a maximum prison sentence of seven years that may be accompanied by a fine of one million rubles (11,000 euros).

A source also reminded the Interfax news agency that the Russian legal framework prohibits the extradition of nationals to a foreign state. In other words, only suspects who are not Russian nationals – we do not know if this is the case – could be extradited. This makes the prospect of trial for the accused in the respective countries of the various victims uncertain.
