Russia says it has shut down notorious REvil ransomware group

Daniel Sims

Daniel Sims

Posts: 1,375   +43
Staff
What just happened? Russia’s FSB has arrested members of REvil, a ransomware group responsible for many cyberattacks across the US last year, including the Kaseya attack. Amid the arrest, the FSB seized millions of dollars in cash and assets.

According to machine translation of the FSB’s announcement, the Russian agency raided 25 addresses belonging to 14 people. During the raids it sized around 426 million rubles (about $5.6 million), $600,000 USD, 500,000 Euros, computers, crypto wallets, and 20 cars. The FSB charged the suspects with “illegal circulation of means of payment.”

The raids took place at the request of US authorities after they reported on a member of the group. That part of the FSB’s announcement may be a reference to Operation GoldDust, in which Romanian police arrested two people linked to REvil last November. In October, German authorities claimed to have identified a REvil member vacationing in the Mediterranean.

Last summer, REvil’s ransomware software was responsible for the cyberattack on business platform Kaseya, which affected hundreds of US businesses. Soon after, President Joe Biden made clear he wanted the Russian government to act on the activities of gangs like REvil that operate from inside Russia. The country has been accused of turning a blind eye to the gangs’ actions as long as they don’t attack anyone inside Russia.

A US official told The Washington Post one person the FSB arrested was involved in the Colonial Pipeline cyberattack, which was claimed by another ransomware group – DarkSide. It’s possible the individual worked for both DarkSide and REvil.

The FSB’s announcement comes around the same time that Ukranian government servers were attacked. No one has claimed responsibility for the cyberattack, but it occurred amidst fears of a Russian invasion of Ukraine, which the Ukranian government suspects would begin with cyberattacks on the country’s infrastructure. Over 100,000 Russian troops are currently massed near the Ukranian border.

Permalink to story.

https://www.techspot.com/news/93003-russia-fsb-has-shut-down-notorious-revil-ransomware.html

 
It's a real shame that these groups can operate in other countries - but because those countries are in hostility with us that they can get away with this simply because the government can disavow knowledge of their activities until it's politically tenable.
 
  • Like
Reactions: BeachDogDaytona
Good job to all involved. If you're going to take down pipelines and hospitals, you're eventually going to find that special arrangements are possible no matter where you live.

The real work is still at home though. We need to better secure and mitigate, and make ransom payments illegal (I don't care about Joe Random at home, but large organizations like gov, Fortune 500, etc. will follow the law if it's passed and that's where the big money is.)
 
  • Like
Reactions: 0dium, sdms96825, BeachDogDaytona and 4 others
REvil has disbanded and we've dealt justice.

Also as a mere coincidence, we just started a new FSB task force to defend against international interests on the internet, no we will not discuss what individuals we just recruited into that team at this time.
 
  • Like
Reactions: 0dium, envirovore, Lounds and 2 others
brucek said:
Good job to all involved. If you're going to take down pipelines and hospitals, you're eventually going to find that special arrangements are possible no matter where you live.

The real work is still at home though. We need to better secure and mitigate, and make ransom payments illegal (I don't care about Joe Random at home, but large organizations like gov, Fortune 500, etc. will follow the law if it's passed and that's where the big money is.)
Click to expand...
I wish companies followed the law. I work in IT with a number of retailers (brick and mortar and online) who are suppose to follow PCI Compliance and simply don't. They will fill out questionnaires claiming they are adopting certain standards or have their data configured in a certain way and just hope they don't get an auditor at their door to physically confirm it. Those same customers had massive data breaches and simply covered it up or kept it completely internal. The only incentive for these companies to remain compliant is if they know they have an auditor coming. I think people would be utterly shocked how many security breaches happen. I've had several clients lose millions of credit card records due to open unencrypted files and databases on the root of their web server. lol Several... like seriously, why?!
 
  • Like
Reactions: Knot Schure, 0dium, sdms96825 and 1 other person
Raytrace3D said:
I wish companies followed the law. I work in IT with a number of retailers (brick and mortar and online) who are suppose to follow PCI Compliance and simply don't. They will fill out questionnaires claiming they are adopting certain standards or have their data configured in a certain way and just hope they don't get an auditor at their door to physically confirm it. Those same customers had massive data breaches and simply covered it up or kept it completely internal. The only incentive for these companies to remain compliant is if they know they have an auditor coming. I think people would be utterly shocked how many security breaches happen. I've had several clients lose millions of credit card records due to open unencrypted files and databases on the root of their web server. lol Several... like seriously, why?!
Click to expand...
I believe you, but I don't get it. I'm also skeptical approval for this strategy goes all the way up to the board of directors. More likely some individual employee has decided to handle it that way, which is bizarre to me because it's not like the company is going to stand behind them when it eventually comes out, so the person is risking individual criminal & civil liability in order to maybe save corporate shareholders some money. It makes even less sense when you consider these individuals are generally in high-demand occupations so it's not like they're desperately hanging on to the one job available to them (although I wouldn't want anyone like that in my organization at any level.)
 
  • Like
Reactions: Austinturner
Dimitriid said:
REvil has disbanded and we've dealt justice.

Also as a mere coincidence, we just started a new FSB task force to defend against international interests on the internet, no we will not discuss what individuals we just recruited into that team at this time.
Click to expand...
I laughed and I get the thinking, but I wonder if the FSB is at all interested in them. My guess is the people they have who do that job for real are leagues more sophisticated and reliable than these people. I mean, it's not like Revil and Darkstar and their like came up with brilliant innovations, it's just they were the ones who were gutsy/dumb/patsy enough to be on the frontlines blatantly and indiscriminatingly using it against ill-advised targets.
 
  • Like
Reactions: 0dium, Austinturner and Dimitriid
brucek said:
I laughed and I get the thinking, but I wonder if the FSB is at all interested in them. My guess is the people they have who do that job for real are leagues more sophisticated and reliable than these people. I mean, it's not like Revil and Darkstar and their like came up with brilliant innovations, it's just they were the ones who were gutsy/dumb/patsy enough to be on the frontlines blatantly and indiscriminatingly using it against ill-advised targets.
Click to expand...
You would think so but for the most part, not really no: Cyber spooks just get fancier toys to play with and protections like plausible deniability and secrecy but they're not this once-in-a-generation level geniuses as popular culture would have us believe.

But well the point is that we're not supposed to know either way.
 
Dimitriid said:
You would think so but for the most part, not really no: Cyber spooks just get fancier toys to play with and protections like plausible deniability and secrecy but they're not this once-in-a-generation level geniuses as popular culture would have us believe.

But well the point is that we're not supposed to know either way.
Click to expand...
I think you are selling them a bit short, intelligence agencies are pretty active at finding and recruiting some of the top performers in advanced fields, particularly straight out of university, fields like mathematics for cryptography particularly. Of course its hard to compete with big tech companies with very deep pockets, but the people they recruit are going to be above average for their operational teams. Some of these criminal groups are going to have some smart people, but the majority are just going to be people with a few skills who weren’t otherwise particularly successful.
 
No work on if Putin will return the money to those that were swindled or if he's just going to build another sun room on that billion dollar palace of his .....
 
  • Like
Reactions: Knot Schure
Uncle Al said:
No work on if Putin will return the money to those that were swindled or if he's just going to build another sun room on that billion dollar palace of his .....
Click to expand...
Look up the numbers for US 'civil forfeiture' and see if they ever return anything, even if all charges are dropped and there's 0 evidence of wrong doing the cops act like an extortion racket and just take whatever they want.

So why would you expect Russia to be any better? They're at least as bad.
 
Interesting that on such a freezing cold day, several of the people were in short pants and scantly dressed.
 
You must log in or register to reply here.

Similar threads

midian182
Russia-backed hacking group suspected of attack on US water system
Replies
11
Views
134
PurpaFur
PurpaFur
midian182
LockBit ransomware group member sentenced to four years for infecting over 1,000 systems
Replies
5
Views
161
Uncle Al
Uncle Al
midian182
  • Locked
Russia slams HP for closing local website, claims world is boycotting the company
2
Replies
34
Views
534
thehacker
T

Latest posts

Back