
Russian agency claims it has completely busted the dreaded ransomware gang REvil

The hackers were behind some of the biggest ransomware attacks that took place last year, including those on Colonial Pipeline, Kaseya and JBS Group


Russia’s Federal Security Service, the FSB, announced it had decimated the ransomware attack group REvil, which claimed responsibility for multiple high-profile attacks, including the ones on Colonial Pipeline, Kaseya and JBS Group.

In all, 14 members of the group are understood to have been arrested and large amounts of cash and cryptocurrency recovered in coordinated raids across four cities.

As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, FSB said “the organised criminal community ceased to exist and the IT infrastructure used for criminal purposes was neutralised”.

The attack on Colonial Pipeline disrupted fuel supplies to several states in the US, and the company was forced to pay a ransom, part of which was later recovered by the FBI. JBS Group, the Brazilian meat giant, also paid a ransom to the group.

On its website, FSB posted (Google translated from Russian) under headline ‘Illegal Activities Of Members Of An Organized Criminal Community Stopped’: “The Federal Security Service of the Russian Federation, in cooperation with the Investigation Department of the Ministry of Internal Affairs of Russia in the cities of Moscow, St Petersburg, Leningrad and Lipetsk regions, suppressed the illegal activities of members of an organised criminal community.

“The basis for the search activities was the appeal of the US authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption.”

The Russian REN TV network aired footage of officers pushing suspects down and seizing piles of cash in dollars and rubles before carting them off during the raids.

While the FSB did not name those arrested, a Moscow court named two of those charged as Roman Muromsky and Andrei Bessonov. Both were ordered to custody for two months.

Giving further information, FSB said: “As a result of a complex and coordinated investigation and search activities, funds were seized at 25 addresses at the places of residence of 14 members of the organized criminal community. This included 426 million rubles, including in cryptocurrency, USD 600,000, 500,000 Euros, as well as computer equipment, crypto wallets used to commit crimes and 20 premium cars purchased with money obtained from crime.”

The news comes on a day when Ukrainian government websites were defaced and Ukraine’s Security Service, the SBU, said the initial findings of their investigation pointed to “hacker groups linked to Russia’s intelligence services”.

The US said it “welcomes” the news. “We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring,” a senior Biden administration official said.

The United States had offered a reward of up to $10m for information leading to the gang members, following ransomware attacks.
