Over the last few years, the hacker organization REvil has been behind some of the most high-profile ransomware attacks in the USA and globally. The predominantly Russia-based hacker group is believed to be responsible for the cyber incidents with JBS and Kaseya last year. After numerous requests from the USA, the group was finally tackled by Russia’s Federal Security Service (FSB).
The authorities arrested more than ten individuals they believe are associated with the hacker organization and seized millions of cash and cryptocurrency. Arrests were predominantly made in major cities like Moscow and St Petersburg and the surrounding regions. According to a press announcement published by FSB, the cash amounts to 426 million rubles, $600,000, and approximately half a million euros. In addition, the Russian authorities also confiscated twenty vehicles and computer equipment and multiple cryptocurrency wallets containing undisclosed amounts of virtual money. All arrested individuals have been charged, and court appearances have begun. The people involved in the scheme will get up to seven years in prison.
There is no confirmation yet whether any of the actual leaders of REvil have been arrested. Russia has been under a lot of pressure over the last few years, and many believe that Russia has finally decided to throw a bone at the US government. However, it is unclear whether the REvil hacker organization has been officially shut down. Experts believe that the chances of Russian citizens being handed over to the US authorities to stand trial are slim to non-existent.
None of the names released to the media yet appear on the FBI’s Cyber Most Wanted list, nor have US authorities ever named them before. Thus, it is hard to say whether the FSB has terminated REvil for good or Russia’s Vladimir Putin is just throwing dust in the Biden administration’s eyes as a part of a political game. So even though the press release announcement from FSB claims that the organized criminal association has ceased to exist and the information infrastructure used for illegal purposes was neutralized, REvil may rebrand and resurface again in the far or near future.
It is unclear whether REvil ringleader Yevgeniy Polyanin, who last year was easily tracked down by a reporter of the UK’s Daily Mail newspaper, is among the arrested. Time will show whether he is behind bars or he is continuing to live comfortably and untouched in Western Siberia.
The announcement about the end of REvil came as Ukraine was responding to a massive cyber-attack that crippled multiple government websites. The defaced sites displayed warning messages addressed at Ukrainians saying that they should “be afraid and expect the worst.” Many believe Russia-sponsored hackers executed the cyber-attack.