Russia Takes Down REvil Hackers—as Ukraine Tensions Mount



For years, the infamous Russia-based REvil criminal gang has ruthlessly attacked targets. Last May, the group, along with its partners, disrupted production at meat supplier JBS, netting itself $11 million in ransom payment. Two months later it disabled thousands of businesses by exploiting a vulnerability in IT services company Kaseya’s update system. REvil’s attacks have so far gone largely unpunished.


In an unprecedented move that is likely to send ripples through the inner circles of other Russia-based cybercriminal gangs, the country’s security agency has arrested 14 alleged members of REvil. The Federal Security Service (FSB) announced the arrests on Friday, according to the independent Russian news agency Interfax and a press statement from the FSB. This is the first significant action the Russian government has taken against ransomware gangs after years of ignoring international pressure.

“For the longest time REvil, and in particular the key operator Unknown, felt that they could operate with impunity. This arrest shows that even ransomware groups operating in Russia are not untouchable,” says Allan Liska, an analyst at Recorded Future, a security firm specializing in ransomware. “Could end up in jail.”


REvil fell off the radar in July amid intense scrutiny, only to return a few months later. But the revival was brief, as an international law enforcement effort knocked the group offline back in October.

During the arrests on Friday, officials from the FSB and the Department of the Ministry of Internal Affairs seized computer equipment, 20 luxury cars and more than $5.5 million in rubles and cryptocurrency. Law enforcement also seized control of the cryptocurrency wallet used by the suspects and recovered approximately $1.2 million in foreign cash.


The suspects have not been named, but the arrests took place in Moscow, St. Petersburg and the Lipetsk region south of the Russian capital. Authorities said the arrests were made for “illicit trading of means of payment,” and they claim their actions have paralyzed REvil.

A translated version of the FSB’s statement said, “the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralised.” Reports from Russia claim the FSB acted after requests from the United States; in August, President Joe Biden told Vladimir Putin that he should take action against cybercriminals operating in Russia.

The arrests could prove to be a turning point in the urgent international effort to combat ransomware, given that Russian cooperation has been a critical missing component of the global response. But the arrests also come at a time when tensions in the region have escalated due to Russia’s deployment of troops along the Ukrainian border. Three rounds of talks between Russia, the US and NATO regarding the future of Ukraine have failed to calm the situation. And as soon as the FSB announced the REvil arrests on Friday, more than a dozen Ukrainian government websites were defaced and hit with DDoS attacks, although the perpetrator of the attacks is still unknown.

“I think to be concerned about Russia’s covert motives [for conducting the REvil arrests] is completely justified,” says John Hultquist, vice president of threat intelligence at security firm Mandiant. “It’s essentially a feather in his hat and you can definitely take a cynical view of it and think that’s all he’s hinting at. But I think ultimately it’s still good news. Actors need to know that you can’t go into the sunset if you’re harassing thousands of people and stealing millions of dollars.”

This isn’t the first time an alleged member of REvil has faced action from law enforcement. In November, 22-year-old Ukrainian national Yaroslav Vasinskyi was arrested in Poland and charged with the Kaseya attack. Vasinskyi allegedly misused a Kaseya product to deploy the REvil code, which then spread the group’s ransomware through Kaseya’s network, according to the Justice Department’s prosecution. Yevgeny Polyanin, a 28-year-old Russian citizen, was also accused of deploying REvil’s ransomware (he is accused of conducting 3,000 ransomware attacks), and his assets worth $6.1 million were confiscated.

Law enforcement agencies around the world, including Ukraine’s, are increasingly working together in efforts to combat ransomware actors. Since February 2021, Europol has arrested five hackers linked to REvil and says that 17 countries are working on its investigation. These include the US, UK, France, Germany and Australia.

Without Russia’s cooperation, however, the authorities faced some hard limits on how effectively they could target the gang. After hitting an extreme—or nadir—with a series of disruptive and devastating attacks in the summer of 2021, REvil mostly went dark after international law enforcement compromised its basic infrastructure. Other Russia-based groups, however, like the infamous DarkSide gang and its successor BlackMatter, have continued their targeting, at least for now.

“The big question, I suppose, is, does this represent a real change in Russia’s intentions to tackle this problem, or has REvil been sacrificed in an effort to ease some international pressure?” says Brett Callow, a threat analyst at antivirus company Emsisoft. “I would suspect the latter.”

Callow and others stress that, although it will take time to learn more about the Russian government’s approach, the arrests should provide some amount of deterrent effect given how many REvil operators were caught. And in an interconnected industry like the ransomware market, every disruption is significant.

“I agree there should be a motivation other than ‘America asked us nicely,’ but regardless, it will further disrupt the ransomware economy, at least in the short term,” said incident responder and former NSA hacker Jake Williams.

In the long term, many ransomware groups operating out of Russia remain highly active. The REvil takedowns are a sign of progress, but what really matters will be the Kremlin’s appetite for chasing down those other gangs.

