
FSB says it dismantled the REvil hacker group
The Federal Security Service of the Russian Federation (FSB) said it has detained members of the hacker group REvil, behind the distribution of ransomware.
Following searches at 25 addresses, 14 members of REvil were detained and authorities seized more than 426 million rubles, including cryptocurrency, $600,000 and €500,000, and 20 luxury cars. They also gained access to computers and crypto wallets linked to the group’s criminal activity.
The arrest followed a request from U.S. authorities, who had reported on the ‘leader of the criminal network.’ The FSB says it identified the full composition of the group and that it had ceased to exist, with the attackers’ infrastructure also dismantled.
A video of the suspects’ detention was published in the media:
The court remanded REvil members Andrey Bessonov and Roman Muromsky in custody for two months.
Experts say that REvil (also known as Sodinokibi) is one of the world’s largest hacker groups. It has often been linked to Russia.
In October 2020 a REvil representative said that the hackers’ annual earnings exceeded $100 million.
According to the FBI, in May 2021 the group’s victims included JBS, the world’s largest meat-processing company. It paid the hackers a ransom of $11 million in bitcoin.
In July, REvil attacked the American software developer Kaseya, affecting more than a thousand companies. The attackers demanded $70 million in bitcoin to decrypt the files. Later the company said it had obtained a ‘universal decryptor key’ for the affected files without paying the ransom. It emerged that this key had initially been obtained by the FBI.
On the night of July 13, REvil’s dark-web sites went offline abruptly.
At the time, some experts suggested that the sudden disappearance of the group from the dark web was linked to a telephone call between the presidents of the United States and Russia. In it, Joe Biden urged Vladimir Putin to curb ransomware attacks on American companies conducted from Russian soil.
Later, REvil attempted to resume operations, but in October the extortion sites went offline again after unknown actors took control of their payment portal and data-leak blog.
In November, U.S. authorities imposed sanctions on Russian Evgeny Polyanin and Ukrainian Yaroslav Vasinsky, whom they accused of cooperating with REvil.
In December it emerged that the FBI seized more than 39 BTC from the wallet of a Russian linked to the group.