Russian REvil takedown sets the stage for some scenarios

Russian officials reported on Friday that they had shut down the REvil ransomware gang and arrested more than 12 of its members.

The Federal Security Service (FSB) of the Russian Federation said it shut down the REvil ransomware gang after US officials provided information about its leader.

According to a press release from the Russian security agency, Russian police raided 25 addresses belonging to 14 gang members in the Moscow, St. Petersburg, Leningrad and Lipetsk regions.

Authorities reportedly seized more than 426 million Russian rubles, as well as cryptocurrency wallets, computers, 20 expensive cars, and US $600,000 and €500,000 in cash.

The FSB is Russia’s domestic intelligence agency. According to its press release, it acted at the request of US authorities, who were notified of the results.

The REvil group is a well-known ransomware gang that has wreaked havoc on many organizations around the world, said Joseph Carson, chief security scientist and advisory CISO at Thycotic, so it is not surprising that it was targeted.

“Many hackers around the world are making good use of their skills, including government hackers who are working hard to protect society from cybercrime. Therefore, REvil targeting is likely to be a statement that the government will work together to stop cybercriminals from the root,” he told TechNewsWorld.

Details of the arrests

The group “disappears”, according to a statement from the FSB. Authorities said they acted after receiving information about the REvil group from the United States.

The raid follows repeated requests from US authorities during the summer to take action against Russia’s underground cybercrime ecosystem. Possibly as a result, the REvil gang ceased activity in July, but resumed in September, before US authorities seized some of its dark web servers.

In addition to the arrests reported in Russia, seven other members of the REvil gang were arrested over the course of 2021. Those arrests followed an operation coordinated by the FBI and Europol.

“The detained members were charged with committing a crime under Part 2 of Art. 187, ‘illegal distribution of payment instruments,’ of the Russian criminal law,” the FSB said in a press release.

According to the Russian news agency TASS, the REvil gang committed two main offences: the cybercriminals developed malicious software and organized the theft of money from foreign bank accounts.

Few identities released

Russian authorities initially did not identify the suspects in custody. However, the Russian outlet RBC later named one suspect as Roman Muromsky, and TASS identified a second member as Andrei Bessonov.

Russian state news agency RIA Novosti has released video footage from several raids.

Several reports suggest the suspects are unlikely to be prosecuted in the United States, since the Kremlin has no legal mechanism for handing over its citizens.

According to the FSB, Russian authorities informed US representatives of the outcome of the operation. Authorities described the event as a rare instance of partnership with US authorities.

Russia acting on reports of cybercrime, especially ransomware, is particularly rare, observed a representative of Netenrich. The FSB does not cooperate unless child exploitation or Chechen involvement is at issue.

“It is doubtful whether this will make a big difference in Russia’s attitude towards criminal activity within the border … It is safe to assume that without another big arrest within three months, there would have been no real change in Russia’s approach,” he told TechNewsWorld.

“Nevertheless, it’s a big arrest and will have a significant short-term impact on reducing ransomware,” he added.

Part of the pattern

According to Adam Gavish, co-founder and CEO of DoControl, traditional ransomware techniques have not needed upgrading to remain effective. It is a simple rinse-and-repeat process.

“Human factors are still a big issue. People make mistakes. They are easily targeted for social engineering campaigns and employees are more likely to click on phishing emails. Those endpoints are at risk. Once exposed, malicious code is replicated and spread throughout IT assets. It’s simple,” he explained to TechNewsWorld, describing why ransomware attacks succeed.

He added that attackers are putting SaaS applications in their crosshairs as cloud adoption soars. Leveraging the many vulnerabilities in SaaS applications is the next step in advanced ransomware attacks. Attackers know that the company’s crown jewel, its data, is stored, manipulated, and shared across these critical cloud-hosted business applications.

“As with the cloud, SaaS protection is a shared responsibility between service providers and consumers,” Gavish added.

He suggested that modern enterprises have a duty to better protect files and data in SaaS through a defense-in-depth approach: if an endpoint is compromised, there must be a way to prevent malicious files from being accessed by employees or external collaborators.

International overtones

The specific dialogue between the United States and Russia on this operation remains unclear. However, the FSB’s confirmation may represent a mixed message, emphasizing that Russian authorities can act to thwart ransomware activity, but only under certain circumstances, suggested Chris Morgan, a senior cyber threat intelligence analyst at Digital Shadows.

“The law enforcement activity occurred at the same time as several tampering attacks on Ukrainian government websites. These have not yet been confidently attributed publicly, but it is widely suspected that they were carried out by Russian threat actors,” he told TechNewsWorld.

According to Morgan, the arrest of REvil members was politically motivated, and Russia is trying to use the event as leverage. He suggested that this could be related to the sanctions on Russia recently proposed in the United States, or to the developing situation at the Ukrainian border.

Underlying motivation

It is also notable that the FSB targeted REvil, which has not been publicly active in conducting attacks since October 2021, Morgan continued. Chatter on a Russian cybercrime forum reflects this sentiment, suggesting that REvil is a “big political game pawn.”

Another forum participant suggested that Russia made the arrests deliberately to placate the United States, Morgan added. The FSB may have gone after REvil knowing that the group was at the top of the US priority list, while believing its removal would have only a slight impact on the current ransomware situation.

Discussing the cybercrime forum chatter, Morgan reiterated that these arrests may also have served a secondary purpose, for example as a warning to other ransomware groups.

“REvil made international news last year by targeting organizations such as JBS and Kaseya in high-profile and influential attacks. Targeting them after a series of highly public attacks can be interpreted as a message to pay attention,” he said.