Russia's FSB Shuts Down REvil Ransomware Gang

January 14, 2022
REvil Ransomware Gang Disrupted by Russian FSB

The Russian Federal Security Service (FSB) announced on Friday that it had completed a raid and shut down operations linked to the REvil ransomware gang.

Raids Across Multiple Regions

This significant action, expected to deter other ransomware groups operating within the country, involved Russian authorities executing searches at 25 locations. These locations spanned the Moscow, St. Petersburg, and Lipetsk regions and were connected to 14 individuals suspected of involvement with REvil.

The group had previously suspended its activities in July, with an unsuccessful attempt to resume operations in September. REvil is widely believed to be responsible for several of the most impactful cyberattacks over the last year.

High-Profile Attacks Attributed to REvil

Among the attacks attributed to the gang are those targeting Colonial Pipeline, JBS Foods, and the U.S.-based technology company Kaseya.

Seized Assets

During the operation, the FSB reported seizing substantial assets. These included over 426 million rubles and €500,000 (approximately $6 million), alongside $600,000 in cash.

Furthermore, authorities confiscated cryptocurrency wallets, computer equipment, and a collection of 20 luxury vehicles.

Cooperation with U.S. Authorities

The FSB stated that the search operation was initiated at the request of U.S. law enforcement. Results of the operation were subsequently communicated to the U.S. authorities.

Those detained are facing charges under Russian law related to the “illegal circulation of means of payment.” The identities of the suspects have not yet been publicly disclosed by Russian officials.

FSB Statement on Operation Success

“As a result of joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, and the information infrastructure used for criminal purposes was neutralized,” the FSB announced in an official statement.

Previous Arrests and U.S. Pressure

This FSB operation follows recent developments in the case. The U.S. Department of Justice charged a 22-year-old Ukrainian citizen in September, linking them to the REvil ransomware attack against Kaseya in July.

Throughout 2021, seven other members of the REvil gang were apprehended through coordinated efforts with Europol. President Biden had previously urged Russia to take action against these criminal organizations, directly appealing to President Vladimir Putin.

Timing Coincides with Cyberattacks in Ukraine

The FSB’s actions occurred shortly after a large-scale cyberattack disrupted Ukrainian government websites on Friday. Affected sites included those of the foreign ministry, national security and defense council, and the cabinet of ministers.

While officials have refrained from drawing immediate conclusions, they highlighted a “long record” of Russian cyberattacks targeting Ukraine.
