REvil ransomware group taken down in Russia by FSB

The Russian Federal Security Service (FSB) has reportedly raided homes and arrested suspected members of the REvil ransomware group at the request of U.S. law enforcement. In the process, 500,000 euros and 600,000 US dollars in cash were seized. The whole thing must have happened yesterday, Friday, January 14, 2022, in various Russian cities.


Raided homes and arrested people

Reuters refers to an FSB report claiming that members of the REvil ransomware gang have been identified. There were numerous arrests, and Russian police raided 25 addresses in Moscow, St. Petersburg, Leningrad and Lipetsk. Catalin Cimpanu, who reported on it here, posted a video of one such raid on Twitter.

FSB raided REvil group members

As many as 14 people have been accused of being members of the REvil ransomware group. One suspected member was identified as Roman Muromsky (see). The report does not indicate how many were actually arrested. Addendum: Bleeping Computer says 8 members are charged.

  • More than $5,000,000 was seized in rubles and cryptocurrencies
  • 600,000 US dollars and 500,000 euros in cash seized
  • 20 luxury cars were seized on the grounds that they were "bought with the proceeds of crime"

Some reports state that the infrastructure was also taken down in the process. The whole action stemmed from a request by U.S. law enforcement. Since the suspects are Russian citizens, there will probably be no extradition to the US.

The action is noteworthy because there was just a large-scale cyberattack on Ukrainian authorities whose websites were defaced (see). This is attributed to Russian hackers.

The REvil Group

The REvil group has been responsible for numerous ransomware attacks against US companies and organizations, but also against victims outside the US. I have reported on their actions several times here on the blog. It had also been reported that their infrastructure had been shut down (see REvil Ransomware Group server and infrastructure is shut down). But the group became active again and then disappeared again. Let's hope that this time it is more sustainable and the group has been dismantled.


Similar articles:
Europol targeted 12 suspicious ransomware operators
2 ransomware operators arrested in Ukraine by law enforcement and Europol
Ironside: Police trick criminals with ANOM Crypto-Devices and Messenger app
Egregor ransomware gang members arrested
Details of Emotet uninstallation by law enforcement officials
Suspected leading member of REvil gang identified in Russia
REvil cyber gang suspends activities after hijacking Tor sites
REvil Ransomware Group server and infrastructure is shut down
Bitdefender provides universal REvil decryptor
Coop-Sweden closes 800 stores after Kaseya VSA supply chain attack by REvil gang
Five affiliates of Sodinokibi/REvil ransomware group arrested
