Ransomware Group REvil Dismantled in Raids, Russia Says

Moscow said the ransomware group REvil “ceased to exist” after raids and arrests. It is not clear if the operation will ease tensions with Washington.

Federal Security Service office in central Moscow.
Credit...Sergei Karpukhin/Reuters

Ivan Nechepurenko

Jan. 14, 2022, 7:09 p.m. ET

MOSCOW — Russia’s main intelligence agency said on Friday that at the request of the United States government it had dismantled REvil, one of the most aggressive ransomware criminal groups attacking Western targets, and arrested some of its members.

The agency, known as the F.S.B., said “the organized criminal group ceased to exist” after a sweeping operation that was carried out in 25 locations across five Russian regions. The raids followed multiple requests by the Biden administration for the Kremlin to help shut down such groups.

The arrests were announced on the same day that the U.S. government accused Russia of sending saboteurs into Ukraine to create a pretext for invasion, and that hackers shut down dozens of Ukraine’s government websites — an attack that Ukrainian officials suggested had originated in Russia.

A senior Biden administration official said the Russian sweep of REvil had no bearing on the building tension over security in Europe and the fate of Ukraine, with Russia massing troops near Ukraine’s borders and demanding that NATO pull back in Eastern Europe. But it is not clear whether the Kremlin sees this rare example of cooperation between the two countries as unrelated to Ukraine.

The official, speaking on condition of anonymity to brief reporters, said the administration believed one of those arrested on Friday was involved in a ransomware hack last year that shut down the Colonial Pipeline, a major artery of fuel for the eastern United States. That attack was attributed to a group called DarkSide that is also believed to operate in Russia and to have ties to REvil.

In July, President Biden warned President Vladimir V. Putin of Russia that the country could face grave consequences if it did not act swiftly on neutralizing groups like REvil. In November, the State Department announced it was offering a reward of up to $10 million for information about REvil’s leaders.


Credit...Tverskoy District Court, via Reuters


Later on Friday, a court in Moscow placed in custody two members of the group, identified by Interfax, a Russian news agency, as Andrei Bessonov and Roman Muromsky. Russian authorities did not describe the men’s roles in REvil, or say what evidence linked them to the group.

The F.S.B. did not say how many people it had arrested, or whether they included the group’s leaders. It remains to be seen whether the operation truly spells the end of REvil; in the past, such groups have reformed under new names.

U.S. officials have said that the Kremlin could shut down hacker groups like REvil, but tolerates or even encourages them, as long as their targets are outside of Russia.

In July, following President Biden’s ultimatum, REvil went offline, fueling speculation about whether the Kremlin had ordered the group to go quiet, or the United States or its allies had managed to disrupt its operations, or the group itself had decided to go underground, fearing that the heat had become too intense.

However, it resurfaced two months later, reactivating a portal victims use to make payments. In October, it was again forced offline, temporarily, by a counter-hacking effort mounted by the governments of several countries, including the United States.

REvil, short for “ransomware evil,” has been one of the most notorious ransomware hacking groups sought by United States law enforcement. Ransomware groups hack into a victim’s computer system and encrypt its data, effectively locking out the owners, and extort them for money — sometimes millions of dollars, paid in cryptocurrency — in return for reversing the encryption.

U.S. intelligence agencies identified REvil as responsible for the attack on one of America’s largest beef producers, JBS, last June, forcing the shutdown of nine beef plants. In the end, JBS said it had paid an $11 million ransom in Bitcoin. The operator of the Colonial Pipeline paid about $5 million in Bitcoin.

REvil also took credit for what was described as the biggest ransomware hack ever in July, affecting up to 1,500 businesses around the world.

The organization boasted about its attacks on its site — called “Happy Blog” — on the dark web, where it listed some of its victims and earnings from its digital extortion schemes.

In September, a report by the cybersecurity company Recorded Future said that Russian intelligence officials have longstanding ties to cybercrime groups. “In some cases, it is almost certain that the intelligence services maintain an established and systematic relationship with criminal threat actors,” it said.

On Friday, the F.S.B. said in a statement that it had informed the U.S. government of the sweep against REvil, including searches of the residences of 14 group members, adding that it had seized more than $5.5 million in rubles, dollars, euros and cryptocurrencies, as well as 20 luxury cars.

REvil, it said, had “developed malware, organized the theft of funds from bank accounts of foreign citizens, and also cashed them out, including by buying expensive goods online.”

Footage of the arrests, aired by Russian news channels, showed agents breaking into apartments and pushing young men to the floor and handcuffing them. The video also showed large piles of dollars and rubles being seized and counted, and masked agents looking through confiscated computers.

David E. Sanger contributed reporting from Washington.