{"id":22987,"date":"2022-01-16T06:25:23","date_gmt":"2022-01-16T05:25:23","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22987"},"modified":"2022-01-16T16:49:47","modified_gmt":"2022-01-16T15:49:47","slug":"revil-ransomware-gruppe-in-russland-durch-fsb-zerschlagen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/01\/16\/revil-ransomware-gruppe-in-russland-durch-fsb-zerschlagen\/","title":{"rendered":"REvil ransomware group taken down in Russia by FSB"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Security (Pexels, general use)\" width=\"200\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/01\/15\/revil-ransomware-gruppe-in-russland-durch-fsb-zerschlagen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]The Russian Federal Security Service (FSB) has reportedly raided homes and arrested suspected members of the REvil ransomware group at the request of U.S. law enforcement. In the process, 500,000 euros and 600,000 US dollars in cash were seized. The whole thing must have happened yesterday, Friday, January 14, 2022, in various Russian cities.<\/p>\n<p><!--more--><\/p>\n<h2>Raided homes and arrested people<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg09.met.vgwort.de\/na\/b9e61ef26ab84ada8ca886f6361ae0d4\" alt=\"\" width=\"1\" height=\"1\" \/><a href=\"https:\/\/www.reuters.com\/technology\/russia-arrests-dismantles-revil-hacking-group-us-request-report-2022-01-14\/\" target=\"_blank\" rel=\"noopener\">Reuters<\/a> refers to an FSB report claiming that members of the REvil ransomware gang have been identified. There were numerous arrests, and Russian police raided 25 addresses in Moscow, St. Petersburg, Leningrad and Lipetsk. 
Catalin Cimpanu, who reported on it <a href=\"https:\/\/therecord.media\/fsb-raids-revil-ransomware-gang-members\/\" target=\"_blank\" rel=\"noopener\">here<\/a>, posted a video of one such raid on <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1481989170876882944\" target=\"_blank\" rel=\"noopener\">Twitter<\/a>.<\/p>\n<p><a href=\"https:\/\/twitter.com\/campuscodi\/status\/1481989170876882944\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"FSB raided REvil group members\" src=\"https:\/\/i.imgur.com\/HWVrAKP.png\" alt=\"FSB raided REvil group members\" \/><\/a><\/p>\n<p>As many as 14 people have been accused of being members of the REvil ransomware group. One suspected member was identified as Roman Muromsky (<a href=\"https:\/\/twitter.com\/campuscodi\/status\/1482017021583892480\" target=\"_blank\" rel=\"noopener\">see<\/a>). The report does not indicate how many were actually arrested. Addendum: Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/russia-charges-8-suspected-revil-ransomware-gang-members\/\" target=\"_blank\" rel=\"noopener\">says<\/a> 8 members are charged.<\/p>\n<ul>\n<li>More than $5,000,000 was seized in rubles and cryptocurrencies<\/li>\n<li>600,000 US dollars and 500,000 euros in cash seized<\/li>\n<li>20 luxury cars were seized on the grounds that they were \"bought with the proceeds of crime\"<\/li>\n<\/ul>\n<p>Some reports said that the infrastructure was also taken down in the process. The whole action stemmed from a request by U.S. law enforcement. Since they are Russian citizens, there will probably be no extradition to the US.<\/p>\n<blockquote><p>The action is noteworthy because there was just a large-scale cyberattack on Ukrainian authorities whose websites were defaced (<a href=\"https:\/\/www.reuters.com\/world\/europe\/expect-worst-ukraine-hit-by-cyberattack-russia-moves-more-troops-2022-01-14\/\" target=\"_blank\" rel=\"noopener\">see<\/a>). 
This is attributed to Russian hackers.<\/p><\/blockquote>\n<h2>The REvil Group<\/h2>\n<p>The REvil group has been responsible for numerous ransomware attacks against US companies and organizations, but also against victims outside the US. I have often reported on their actions here on the blog. It had also been reported that their infrastructure had been shut down (see <a href=\"https:\/\/borncity.com\/win\/2021\/07\/14\/server-und-infrastruktur-der-revil-ransomware-gruppe-ist-abgeschaltet\/\">REvil Ransomware Group server and infrastructure is shut down<\/a>). But the group became active again and disappeared again. Let's hope that this time it is more sustainable and the group has been dismantled.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2021\/10\/29\/europol-zerschlgt-ransomware-gruppe\/\">Europol targeted 12 suspicious ransomware operators<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/10\/04\/europol-co-lassen-2-ransomware-operatoren-in-der-ukraine-festnehmen\/\">2 ransomware operators arrested in Ukraine by law enforcements and Europol<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/06\/09\/ironside-polizei-trickst-kriminelle-mit-anom-messenger-app-aus\/\">Ironside: Police trick criminals with ANOM Crypto-Devices and Messenger app<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/02\/15\/mitglieder-der-egregor-ransomware-gang-verhaftet\/\">Egregor ransomware gang members arrested<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/01\/30\/details-zur-emotet-deinstallation-durch-strafverfolger\/\">Details of Emotet uninstallation by law enforcement officials<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/10\/28\/mutmalicher-hintermann-der-revil-gang-in-russland-identifiziert\/\">Suspected leading member of REvil gang identified in Russia<\/a><br \/>\n<a 
href=\"https:\/\/borncity.com\/win\/2021\/10\/19\/revil-cyber-gang-stellt-aktivitten-nach-hijacking-von-tor-knoten-ein\/\">REvil cyber gang suspends activities after hijacking Tor sites<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/07\/14\/server-und-infrastruktur-der-revil-ransomware-gruppe-ist-abgeschaltet\/\">REvil Ransomware Group server and infrastructure is shut down<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/09\/17\/bitdefender-stellt-universellen-revil-decryptor-bereit\/\">Bitdefender provides universal REvil decryptor<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/07\/03\/coop-schweden-schliet-800-geschfte-nach-kaseya-vsa-lieferkettenangriff-durch-revil-gang\/\">Coop-Sweden closes 800 stores after Kaseya VSA supply chain attack by REvil gang<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/11\/09\/fnf-mitglieder-der-sodinokibi-revil-ransomware-gruppe-verhaftet\/\">Five affiliates of Sodinokibi\/REvil ransomware group arrested<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The Russian Federal Security Service (FSB) has reportedly raided homes and arrested suspected members of the REvil ransomware group at the request of U.S. law enforcement. In the process, 500,000 euros and 600,000 US dollars in cash were seized. 
The &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/01\/16\/revil-ransomware-gruppe-in-russland-durch-fsb-zerschlagen\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-22987","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22987"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22987\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}