Russia says it has shut down notorious REvil ransomware group

Daniel Sims

Posts: 399   +17
Staff
What just happened? Russia’s FSB has arrested members of REvil, a ransomware group responsible for many cyberattacks across the US last year, including the Kaseya attack. Amid the arrest, the FSB seized millions of dollars in cash and assets.

According to a machine translation of the FSB’s announcement, the Russian agency raided 25 addresses belonging to 14 people. During the raids it seized around 426 million rubles (about $5.6 million), $600,000, 500,000 euros, computers, crypto wallets, and 20 cars. The FSB charged the suspects with “illegal circulation of means of payment.”

The raids took place at the request of US authorities after they reported on a member of the group. That part of the FSB’s announcement may be a reference to Operation GoldDust, in which Romanian police arrested two people linked to REvil last November. In October, German authorities claimed to have identified a REvil member vacationing in the Mediterranean.

Last summer, REvil’s ransomware software was responsible for the cyberattack on business platform Kaseya, which affected hundreds of US businesses. Soon after, President Joe Biden made clear he wanted the Russian government to act on the activities of gangs like REvil that operate from inside Russia. The country has been accused of turning a blind eye to the gangs’ actions as long as they don’t attack anyone inside Russia.

A US official told The Washington Post one person the FSB arrested was involved in the Colonial Pipeline cyberattack, which was claimed by another ransomware group – DarkSide. It’s possible the individual worked for both DarkSide and REvil.

The FSB’s announcement comes around the same time that Ukrainian government servers were attacked. No one has claimed responsibility for the cyberattack, but it occurred amid fears of a Russian invasion of Ukraine, which the Ukrainian government suspects would begin with cyberattacks on the country’s infrastructure. Over 100,000 Russian troops are currently massed near the Ukrainian border.


 

QuantumPhysics

Posts: 6,266   +7,191
It's a real shame that these groups can operate in other countries - but because those countries are in hostility with us, they can get away with this simply because the government can disavow knowledge of their activities until it's politically tenable.
 

brucek

Posts: 1,107   +1,635
Good job to all involved. If you're going to take down pipelines and hospitals, you're eventually going to find that special arrangements are possible no matter where you live.

The real work is still at home though. We need to better secure and mitigate, and make ransom payments illegal (I don't care about Joe Random at home, but large organizations like gov, Fortune 500, etc. will follow the law if it's passed and that's where the big money is.)
 

Dimitriid

Posts: 2,087   +3,991
REvil has disbanded and we've dealt justice.

Also as a mere coincidence, we just started a new FSB task force to defend against international interests on the internet, no we will not discuss what individuals we just recruited into that team at this time.
 

Raytrace3D

Posts: 333   +403
Good job to all involved. If you're going to take down pipelines and hospitals, you're eventually going to find that special arrangements are possible no matter where you live.

The real work is still at home though. We need to better secure and mitigate, and make ransom payments illegal (I don't care about Joe Random at home, but large organizations like gov, Fortune 500, etc. will follow the law if it's passed and that's where the big money is.)
I wish companies followed the law. I work in IT with a number of retailers (brick and mortar and online) who are supposed to follow PCI compliance and simply don't. They will fill out questionnaires claiming they are adopting certain standards or have their data configured in a certain way and just hope they don't get an auditor at their door to physically confirm it. Those same customers had massive data breaches and simply covered it up or kept it completely internal. The only incentive for these companies to remain compliant is if they know they have an auditor coming. I think people would be utterly shocked how many security breaches happen. I've had several clients lose millions of credit card records due to open unencrypted files and databases on the root of their web server. lol Several... like seriously, why?!
 

brucek

Posts: 1,107   +1,635
I wish companies followed the law. I work in IT with a number of retailers (brick and mortar and online) who are supposed to follow PCI compliance and simply don't. They will fill out questionnaires claiming they are adopting certain standards or have their data configured in a certain way and just hope they don't get an auditor at their door to physically confirm it. Those same customers had massive data breaches and simply covered it up or kept it completely internal. The only incentive for these companies to remain compliant is if they know they have an auditor coming. I think people would be utterly shocked how many security breaches happen. I've had several clients lose millions of credit card records due to open unencrypted files and databases on the root of their web server. lol Several... like seriously, why?!
I believe you, but I don't get it. I'm also skeptical approval for this strategy goes all the way up to the board of directors. More likely some individual employee has decided to handle it that way, which is bizarre to me because it's not like the company is going to stand behind them when it eventually comes out, so the person is risking individual criminal & civil liability in order to maybe save corporate shareholders some money. It makes even less sense when you consider these individuals are generally in high-demand occupations so it's not like they're desperately hanging on to the one job available to them (although I wouldn't want anyone like that in my organization at any level.)
 

brucek

Posts: 1,107   +1,635
REvil has disbanded and we've dealt justice.

Also as a mere coincidence, we just started a new FSB task force to defend against international interests on the internet, no we will not discuss what individuals we just recruited into that team at this time.
I laughed and I get the thinking, but I wonder if the FSB is at all interested in them. My guess is the people they have who do that job for real are leagues more sophisticated and reliable than these people. I mean, it's not like Revil and Darkstar and their like came up with brilliant innovations, it's just they were the ones who were gutsy/dumb/patsy enough to be on the frontlines blatantly and indiscriminatingly using it against ill-advised targets.
 

Dimitriid

Posts: 2,087   +3,991
I laughed and I get the thinking, but I wonder if the FSB is at all interested in them. My guess is the people they have who do that job for real are leagues more sophisticated and reliable than these people. I mean, it's not like Revil and Darkstar and their like came up with brilliant innovations, it's just they were the ones who were gutsy/dumb/patsy enough to be on the frontlines blatantly and indiscriminatingly using it against ill-advised targets.
You would think so, but for the most part, not really, no: cyber spooks just get fancier toys to play with and protections like plausible deniability and secrecy, but they're not these once-in-a-generation-level geniuses popular culture would have us believe.

But well the point is that we're not supposed to know either way.
 

Austinturner

Posts: 351   +452
You would think so, but for the most part, not really, no: cyber spooks just get fancier toys to play with and protections like plausible deniability and secrecy, but they're not these once-in-a-generation-level geniuses popular culture would have us believe.

But well the point is that we're not supposed to know either way.
I think you are selling them a bit short. Intelligence agencies are pretty active at finding and recruiting some of the top performers in advanced fields, particularly straight out of university, in fields like mathematics for cryptography. Of course it's hard to compete with big tech companies with very deep pockets, but the people they recruit are going to be above average for their operational teams. Some of these criminal groups are going to have some smart people, but the majority are just going to be people with a few skills who weren’t otherwise particularly successful.
 

Uncle Al

Posts: 8,669   +7,570
No word on if Putin will return the money to those that were swindled or if he's just going to build another sun room on that billion dollar palace of his .....
 

Dimitriid

Posts: 2,087   +3,991
No word on if Putin will return the money to those that were swindled or if he's just going to build another sun room on that billion dollar palace of his .....
Look up the numbers for US 'civil forfeiture' and see if they ever return anything. Even if all charges are dropped and there's zero evidence of wrongdoing, the cops act like an extortion racket and just take whatever they want.

So why would you expect Russia to be any better? They're at least as bad.
 

lazer

Posts: 427   +128
Interesting that on such a freezing cold day, several of the people were in short pants and scantily dressed.