Russian secret service arrests members of hacker group REvil

The Russian security service FSB has carried out several raids on members of the infamous hacker group REvil. Police seized 426 million rubles, as well as twenty very expensive cars. The raids and searches took place at the request of the US government. The suspects will not be extradited to the US.

So report the Russian news agency TASS and the American news agency Reuters.

This is what you need to know about REvil

Anyone who keeps up with the latest developments in the world of cybercrime and cybersecurity is sure to know the name REvil. It is a Russian hacker group that has been targeting Western companies and organizations with ransomware since 2019. In doing so, they copy confidential and sensitive information and lock the original files with ransomware. Once victims pay the ransom, they are given the decryption key to remove the lock.

Last year, the hacker collective carried out ransomware attacks against, among others, meat producer JBS and ICT service provider Kaseya. The ransomware attack on Kaseya also claimed victims in our country. Money exchange office Travelex and hardware producer Acer had previously fallen prey to the Russian hacker group. In all, REvil is responsible for thousands of ransomware attacks and for infecting hundreds of millions of computers, security experts say.

Russians seize computers and luxury cars

The many cyber-attacks on American targets have disappointed US President Joe Biden. He spoke to his Russian counterpart, President Vladimir Putin, about this several times, demanding that he act against hackers who carried out digital attacks on American companies and organizations from Russian soil. Biden even considered retaliating against Russia if it did not comply with the Americans’ request.

It appears that the US president’s request has been granted. In a joint operation of the Russian police and the security service FSB, house searches were carried out at 25 addresses on Thursday. According to the Russian state news agency TASS, 14 suspects have been arrested. In addition, 426 million rubles (almost 500,000 euros) in cash was seized. Agents also confiscated a number of computers, crypto wallets and twenty luxury cars. TASS has posted a short video of the raids on its YouTube channel.

The end of REvil?

The question is whether REvil has now finally been shut down. It wouldn’t be the first time the Russian hacker group was nowhere to be found. Last summer, REvil suddenly seemed to have disappeared from the face of the earth. Its websites on the dark web and the regular internet had spontaneously gone dark, and its help desk was no longer available. Finally, Unknown, the spokesperson for the hacker group, was banned from the XSS hacker forum.

In mid-September, the Russian hacker group made itself heard again. The Tor payment site was suddenly back online, as was the Happy Blog. Victims were once again able to log in to negotiate a ransom or transfer money to the hackers’ accounts. New ransomware attacks followed.

In October last year, the FBI announced that it, along with “united powers,” had been able to take REvil offline. Before that, the parties had compromised the group’s backup systems. In recent months, several leaders of the hacker group have been arrested in the US and Germany. After Thursday’s searches, the FSB considers REvil’s IT infrastructure “neutralized.”

An anonymous source tells Reuters that the suspects will not be extradited to the US.

Tensions between Europe and Russia

The Russian government has chosen a striking moment to announce the news about the searches and arrests. Tensions between Europe and Russia are currently running high. The reason is the Russian troop build-up on the border with Ukraine: thousands of army vehicles and more than 100,000 soldiers are currently stationed there. Many fear that Russia will invade the neighbouring country. The annexation of Crimea in early 2014 is still fresh in many minds.

Last week, several difficult talks took place between Western and Russian negotiators and diplomats. European countries want Russia to withdraw its troops. Russia, on the other hand, wants a commitment that Ukraine should never join NATO. The negotiations did not lead to a breakthrough.

Update (January 15, 2022): The hacker responsible for the May 2021 cyber attack on Colonial Pipeline is one of the men arrested last Thursday. Insiders confirmed this to The Washington Post. He allegedly stole 100 GB of sensitive company information and threatened to make it public.

To prevent sensitive information from ending up on the dark web, CEO Joseph Blount paid $4.4 million in ransom. “I did it in the national interest,” he said in an interview with The Wall Street Journal. The suspect was not a member of REvil, but was part of DarkSide. Like REvil, it is a hacker group with ties to Russia. Shortly after the attack on the American oil company, DarkSide threw in the towel.

Today it was announced that the Russian authorities have arrested three more suspects. According to the Reuters news agency, the trio is part of the Russian hacker group REvil. They are accused of illegally moving money. No further details about the arrests have been released.
