Last Friday, there were mixed reactions as Russia’s domestic intelligence service, the Federal Security Service (FSB), announced that it had carried out an operation against the notorious criminal ransomware gang REvil.
The Federal Security Service revealed that twenty-five houses were raided during the operation and fourteen people were arrested. In addition, more than $1 million in assets were seized, including 426 million rubles, £500,000, $600,000, twenty luxury cars, computer equipment, and crypto-wallets.
Primarily based in Russia, the REvil gang has attacked several prominent international organizations, including the software firm Kaseya and, in July last year, JBS, the world’s largest meat-processing company. Former REvil associates are also suspected of being behind the Colonial Pipeline cyberattack in May, which resulted in gas shortages on the US East Coast as the country’s biggest oil producer was shut down.
After hacking one of Apple’s suppliers, Quanta Computer, earlier this year, REvil reportedly demanded $50 million from the company ahead of its product launch.
The news of the raid came at a time when Ukraine was battling a cyberattack that shut down all of its public-facing government websites, including the Foreign Ministry’s homepage, which briefly carried a message urging Ukrainians to “be afraid and expect the worst.” “There is certainly evidence of engagement [by] hacker organizations affiliated with Russian secret services,” Ukraine’s security service stated on Friday.
After a flurry of diplomatic attempts in Europe this week failed to stop Russia’s military buildup in Ukraine or to encourage Moscow to de-escalate, the arrests marked a rare bright moment in US-Russia ties.
When the two met in Geneva in June, President Joe Biden requested President Vladimir Putin’s help in combating cyberattacks and ransomware. Then, in July, President Biden warned his Russian counterpart that the country could face grave consequences if it did not act quickly to neutralize notorious groups like REvil. The State Department said in November that it would pay up to $10 million for information on REvil’s leaders.
The arrests made on Friday represent Russia’s first significant operation aimed at halting ransomware attacks launched from Russia against targets worldwide. According to the Federal Security Service, those arrested on Friday “created malicious software and orchestrated the theft of funds from foreign citizens’ bank accounts and cashed them out through the purchase of expensive products on the Internet.”
“The organized criminal group ceased to exist as a result of the joint activities of the FSB and the Russian Ministry of Internal Affairs,” the FSB statement claimed.
Meanwhile, the White House has confirmed that one of the hackers arrested was involved in the Colonial Pipeline incident. A senior administration official told reporters on Friday: “We believe one of the people arrested today was involved in the attack on the Colonial Pipeline last spring. We’re determined to bring those responsible for ransomware attacks against Americans to justice.”
The footage released by the Federal Security Service showed agents breaking into apartments, pinning suspects to the ground, handcuffing people (their faces obscured) behind their backs, going through stacks of Russian rubles, and examining the houses and laptops. In the footage, one suspect had dozens of large bundles of ruble bills in a compartment under his bed.
Following the raids, suspected REvil hacker Roman Muromsky, 33, was arrested and detained. It is uncertain, however, whether the former leader of the cybercriminal outfit EvilCorp appeared in the released footage.
On Friday, Russian investigative authorities asked a Moscow court to remand Muromsky in custody for two months while his alleged crimes are investigated.