The Federal Security Service of the Russian Federation (FSB) reported the arrest of members of the REvil hacker group behind the distribution of ransomware.
As a result of searches at 25 addresses of 14 members of REvil, law enforcement officers seized over 426 million rubles, including in cryptocurrency, as well as $600,000, €500,000 and 20 premium cars. They also gained access to computers and crypto wallets associated with the group’s criminal activities.
The detention took place on the basis of an appeal from the US authorities, who reported on the “leader of the criminal community.” The FSB claims that they have established the full composition of the group and it has ceased to exist, and the infrastructure of the attackers has also been eliminated.
A video of the arrest of the suspects has been released in the media.
A court arrested REvil members Andrey Bessonov and Roman Muromsky for two months.
Recall that experts consider REvil (also known as Sodinokibi) one of the largest hacker groups in the world. It was often associated with the Russian Federation.
In October 2020, a REvil spokesperson stated that the annual earnings of hackers exceeded $100 million.
According to the US FBI, in May 2021, the largest meat processing company in the world, JBS, became a victim of the group. It paid the hackers an $11 million ransom in bitcoin.
In July, REvil attacked US software developer Kaseya, resulting in more than a thousand companies being affected. The attackers demanded $70 million in bitcoin for decrypting the files. Later, the company announced that it had a “universal decryptor key” for files affected by the attack, without paying a ransom. A few months later, it turned out that the FBI had originally received this key.
On the night of July 13, REvil dark web sites suddenly went offline.
At the time, some experts suggested that the unexpected disappearance of the group from the darknet was due to a telephone conversation between the presidents of the United States and the Russian Federation. In it, Joe Biden demanded that Vladimir Putin stop ransomware attacks on American companies from Russia.
Later, REvil attempted to resume operations, but its ransomware sites went down again in October after unidentified individuals took control of the group's payment portal and data breach blog.
In November, US authorities imposed sanctions on Russian Yevgeny Polyanin and Ukrainian Yaroslav Vasinsky, who were accused of collaborating with REvil.
In December, it became known that the FBI seized more than 39 BTC from the wallet of a Russian associated with the group.