Russian secret service arrests REvil ransomware gang
The Russian secret service FSB has arrested a group of hackers who were behind the REvil ransomware. The service did this at the request of the United States. One of the largest ransomware gangs in the world has thus been shut down.
In total, fourteen members of the gang have been arrested, the federal security service writes in a statement. During the operation, 25 homes in Moscow, Saint Petersburg and Lipetsk were searched. Computers and cryptocurrency wallets were seized, as well as twenty cars, worth 600,000 dollars, 500,000 euros and 426 million rubles, or 4.86 million euros. The gang members are suspected of possessing illegal money.
The FSB says it carried out the operation at the request of the US authorities. That is striking, because Russian ransomware gangs had free rein for years. The authorities in the country usually left the gangs alone as long as they did not attack Russian targets. That changed last year; as part of diplomatic negotiations between the United States and Russia, the latter pledged to step up action against ransomware criminals. The US then teamed up with other countries to temporarily take REvil offline, though the group later returned. That the action has now been carried out by the Russian service itself is a strong signal to gangs in the country.
REvil was one of the most notorious forms of ransomware. The group created ransomware-as-a-service and partnered with affiliates who attacked many large companies. Among other things, the group was behind the attack on Kaseya, through which smaller companies were hit by ransomware.