Russia’s Federal Security Service (FSB) said on Friday that it arrested 14 alleged members of the ransomware gang responsible for the several major attacks in the last year.
In a press release, the FSB announced that it has mapped out the whole criminal organization behind REvil, a ransomware group known for hitting Colonial Pipeline, the operator of the largest gas pipeline in the United States, JBS, a large meat manufacturer, and the business software provider Kaseya.
Most notably, the FSB said that the “basis for the search activities was the appeal of the competent US authorities,” according to a Google translation of the release.
The authorities searched 25 residences of the 14 members, seizing 426 million Rubles (some in cryptocurrency), $600,000, and 500,000 euros, as well as computers, crypto wallets and 20 “premium cars,” according to the press release.
The U.S. Department of Justice did not immediately respond to a request for comment.
In the last year, the U.S. government has ramped up pressure both on ransomware gangs, and the Russian government, accusing it of willingly harboring what are effectively organized criminal organizations.
It’s unclear who the 14 members of the REvil gang arrested today are, they could be the main operators and coders, or they could be lower level members. Either way, Russian government authorities arresting anyone allegedly involved in ransomware is a significant development.
“I think it shows that ransomware groups aren’t safe in Russia after they have outlived their usefulness,” Allan Liska, a security researcher that tracks ransomware and works for Recorded Future, told Motherboard in an online chat. “This is great news. REvil caused a lot of damage to a lot of organizations around the world and having them face consequences for these attacks is important.”
Do you have more information about the REvil ransomware gang, or another ransomware group? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email firstname.lastname@example.org.
This is the latest hit on the ransomware gang. In October, an international government coalition hacked REvil and pushed it offline, Reuters reported at the time.
In November, the US Department of Justice announced that it had indicted two Ukrainian nationals for deploying REvil’s ransomware, and that it had seized $6.1 million that the two had received as payments from victims.
This post has been read 10 times!