Tuesday, January 18, 2022

Russia arrests 14 suspected members of REvil ransomware gang

Russia’s internal security agency said today that it had dismantled the REvil ransomware gang’s network and raided the homes of its operatives, a day after ransomware arrests in Ukraine.

The FSB (Federal Security Service) said in a statement that “based on an appeal from the US competent authorities” it had raided 25 addresses that apparently belonged to “14 members of an organized criminal community”.

The Russian law enforcement agency said that “community” is REvil. A translation of the FSB statement shows that the 14 were charged under Article 187 of the Russian Criminal Code, which deals with “illegal trading of means of payment”.

“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community has ceased to exist, and the information infrastructure used for criminal purposes has been neutralized,” the FSB concluded.

The raids came amid a wave of website defacements in Ukraine this morning, and months after the US pressed Russia to act against ransomware gangs that make vast sums of money by attacking Western targets and encrypting their IT infrastructure. Five ransomware suspects were arrested in Ukraine yesterday, although local police did not reveal which gang they belonged to.

It does not appear that the Russian members of REvil will be extradited to the US to stand trial. Then again, perhaps few expected Russia to arrest members of the ransomware gang at all before today.

Joseph Carson, Chief Security Scientist at ThycoticCentrify, told The Register: “Many hackers around the world are using their skills for good, and this includes government hackers who work vigorously to protect society from cybercrime, so targeting REvil would be a statement that governments will work together to stop the criminals at the source.”

Last summer US President Joe Biden asked his Russian counterpart Vladimir Putin to keep “some critical infrastructure … out of bounds” for ransomware gangs.

A few weeks after that summit, the two leaders agreed to take coordinated action, though doubts ran high at the time. Supporting that skepticism, a two-day cybersecurity summit focused on ransomware took place in October without Russia taking part.

Kev Breen, director of cyber threat research at Immersive Labs, said there’s more to it than meets the eye.

“The most interesting thing about these arrests is the timing. Over the years, the Russian government’s policy on cybercriminals has been less than proactive, to say the least – hence the need to evaluate such actions in a broader geopolitical context. Given the diplomatic talks currently being held between Russia and the US, these arrests could be part of a far broader, multi-level political dialogue.”

So who are REvil?

REvil (aka Sodinokibi) has been one of the most infamous ransomware gangs in history. The high-profile extortion crew would have been busted ten times over, after targeting everything from US nuclear weapons contractors to MSPs such as Kaseya to British VoIP providers, had it been based anywhere other than Russia.

The money (in the form of cryptocurrency) extorted by ransomware gangs was spent in Russia, with gang members flaunting their ill-gotten gains in the form of flash cars, homes and consumer goods.

Trend Micro said that REvil’s ransomware, known as Sodinokibi, was first distributed in April 2019 via a mechanism similar to the one used for the older GandCrab ransomware. It was seen by Cisco Talos in May 2019 being spread through exploitation of a vulnerability in Oracle’s WebLogic product.

The gang has since become notorious for naming and shaming its victims, for the double-extortion method (pay once for the decryption of your forcibly encrypted files, pay again to prevent copies from being distributed to others) and for demanding payment in cryptocurrency, making millions from unsuspecting victims – helped, in part, by its affiliate structure and its willingness to target anyone, despite its fraudulent promises at the start of the COVID-19 pandemic.

The exact reasons why Russia targeted REvil and none of the other gangs operating from its soil are not yet known, although it is possible that US concessions played a role, given the state of Russia-US diplomatic relations. Given the FSB’s claim that REvil’s infrastructure has been completely shut down, following the FBI-led operation in July 2021, it may be that Russian law enforcement wanted to send a message to deter other domestic cyber crooks.

Footage published by the state-affiliated TASS news agency showed FSB officers holding down men in boxer shorts and later talking to the handcuffed men. It also showed a staged door-kicking-in operation, in which the door of an apparently already-open flat is flung open amid an agitated rush, only to reveal a row of already-arrested men sitting on the floor. Such comedy footage is a regular feature of law-enforcement PR in former Soviet states.

Nation World News Desk, https://nationworldnews.com