Russian Authorities Have Arrested Multiple Members of REvil Ransomware Gang

The Russian Federation’s Federal Security Service (FSB) claims to have shut down the REvil ransomware group after US officials revealed the leader’s identity. According to a news statement issued today by the Russian security agency, police operations at 25 residences resulted in the arrest of more than a dozen gang members.

The Federal Security Service of Russia said that the search was prompted by a request from competent US authorities, who had received information about the criminal community’s leader and his involvement in encroaching on the information resources of foreign high-tech companies by introducing malicious software, encrypting data, and extorting money for its decryption.

Russian police have apprehended 14 people accused of being involved in the REvil ransomware-as-a-service (RaaS) business and seized bitcoin and fiat money in the following amounts:

  • over 426 million rubles (approx. $5.5 million)
  • 600 thousand US dollars
  • 500 thousand euros (approx. $570,000)

Russian investigators also seized 20 luxury vehicles, computer equipment, and cryptocurrency wallets used to establish and manage the RaaS enterprise, as well as money collected from cyberattacks. The raids were carried out in the districts of Moscow, St. Petersburg, Leningrad, and Lipetsk.

According to the FSB, it was able to identify all REvil gang members, document their unlawful operations, and prove their involvement in the “illegal circulation of means of payment.” REvil members were also involved in stealing money from foreign nationals’ bank accounts, in addition to developing and installing file-encrypting malware on business networks throughout the world.

Russia’s Federal Security Service clarified that the organized criminal community ceased to exist due to the joint activities of Russia’s Federal Security Service and the Ministry of Internal Affairs, and the information infrastructure exploited for illegal objectives was neutralized. The FSB claims to have notified representatives of the relevant US authorities about the operation’s outcomes.

About the author

CIM Team
