Russia’s domestic intelligence agency announced a special operations campaign against the infamous criminal ransomware group REvil on Friday. According to the Federal Security Service (FSB), Russian authorities attacked 25 addresses, arrested 14 people and seized more than $ 1 million in assets: 426 million rubles, $ 600,000, € 500,000. , Computer equipment, cryptocurrency wallet, 20 luxury cars.
Russia-based REvil gangs have launched a series of high-profile attacks on major US and international companies.When , The world’s largest meat processing company.
Earlier this year, REvil reportedly demanded $ 50 million from Apple prior to launching the product after hacking one of its suppliers, Quanta Computer. Associates of the Criminal Ransomware Group, The largest oil producer in the country.
The FSB’s announcement is to respond to a cyberattack that shuts down the government’s public website, including the Foreign Ministry’s homepage, which temporarily displayed a message warning Ukraine to “fear and anticipate the worst.” It was done when scrambled.Ukrainian security services Said friday, “There are some signs of involvement [by] A hacker group related to Russian secret services. ”
FSB Claimed those who were arrested On Friday, he “developed malicious software, organized theft of funds from foreign bank accounts, bought expensive goods on the Internet, and monetized them.”
“As a result of the joint action of the FSB and the Russian Ministry of Internal Affairs, organized crime groups no longer exist,” the statement boasted.
The White House admitted on Friday that one of the arrested hackers was involved in the Colonial Pipeline case.
“I understand that one of the people arrested today was responsible for the attack on the Colonial Pipeline last spring,” a senior government official told reporters on Friday. “We promise to see people in ransomware attacks against Americans being tried.”
FSB too Distributed video It depicts an agent assaulting a house, stabbed a suspect on the floor, handcuffed an individual with a blurred face, and rearranged a mountain of Russian rubles.
It’s unclear if the former leader of the cybercriminal group Evil Corp will appear in the distribution video, but Roman Muromsky, 33, suspected of being a REvil hacker, was detained after the attack.
The Tverskoy District Court in Moscow detained Muromskiy, a Russian citizen suspected of illegal trafficking in payment methods, for two months.
Court spokesman Kseniya Rozina said on Friday, “The court has granted a motion from an investigation to choose two months of custody until March 13 as a detention measure for Gennadyevich Muromsky in Rome.” The court also imprisoned Andrey Besonov, a Russian news agency reported on Friday.
However, Russia will not hand over members of the REvil hacker group with Russian citizenship to the United States. Knowledgeable sources told Interfax Friday.
“Russian federal law prohibits the transfer of Russian citizens abroad,” sources said without specifying whether all detained hackers were Russian citizens.
In their statement, the FSB said Friday’s investigation was “at the request of the US authorities in its jurisdiction.” Authorities were later “informed about the outcome of the operation.”
After a week of unsuccessful diplomatic efforts to curb Russia’s military buildup, which borders Ukraine, US-Russia cooperation shows a bright spot for the two countries in a otherwise tense moment. Ukrainian communications intelligence services are responding to cyberattacks targeting as many as 70 websites, so U.S. and Ukrainian officials say the Kremlin is actively preparing the battlefield using information warfare. I am telling CBS News.
“These arrests are another example of important actions taken by the United States to curb a multifaceted extortion crisis. Threateners reassess whether criminal activity should continue in the light of arrests and prosecutions. “We are,” said Charles Carmakal, Mandiant’s SVP and CTO. I told CBS News.
“Still, the timing is wrong here,” warned in an interview with CBS News, Ken Westin, director of security strategy at Cybereason. The Russian-led assault “may be a smoke screen or a red herring.”
“Defeating a ransomware leader is like cutting off Hydra’s head,” Westin added. “New leaders intervene to fill the void. The relationship between ransomware gangs and Russian APT groups is well known, and the true actors behind these groups continue to be exempt.”
Jeremy Sheridan, Cyber Chief of the US Secret Service, prior to the public report of Russia-led Operation REvil on Thursday Told the Washington Post Ransomware criminals are often matured, evolved, or tuned and reappear under various facades.
“There is an expression my colleague uses because these small groups are working with illegal exchanges,” Sheridan said. “The same 200 are chasing the same 200. There is certainly an influx of new actors in this space, but what’s common in new variants and new cyberattacks is that the same developers have changed. It’s just a certain amount of technology. “
Last summer, the State Department Offer rewards up to $ 10 million Information that leads to the identification or location of a major REvil group leader.
In November, Attorney General Merrick Garland announced the seizure of more than $ 6 million in cryptocurrencies after REvil leader and Russian citizen Yevgeniy Igorevich Polyanin scooped $ 13 million from ransomware victims. The suspected “author” of REVIL ransomware, Polyanin, has been charged with fraud, intentional damage to protected computers, and 14 plots of money laundering.
CBS News is seeking comment from the Department of Justice, the FBI, and the National Security Council.
Margaret Brennan, Arden Fari, Dan Patterson and Rob Legale contributed to this report.
https://www.cbsnews.com/news/ransomware-russia-arrests-revil/ Russia arrested 14 suspects of REvil ransomware gang