This post was original published at https://www.itnews.com.au/news/russians-arrest-revil-ransomware-raiders-574733?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed
The Russian Federal Security Service FSB has struck against the REvil ransomware gang, arresting 14 alleged criminals and seizing large amounts of extorted money, computers and expensive cars.
Raids were conducted in Moscow and St Petersburg in cooperation with agents from Russia’s Ministry of Internal Affairs, with 25 homes of alleged REvil gang members searched.
FSB said that officers seized 426 million rubles (A$7.74 million), some of it in cryptocurrency, along with US$600,000 and 500,000 euros.
Computer equipment, crypto wallets and “20 premium cars purchased with money obtained from crime” were also seized.
Russian state broadcaster TASS identified two of the 14 arrested as Muromsky Roman Gennadyevich, and Andrey Sergeevich Bessonov.
Despite current serious tensions over Ukraine between the two superpowers, the Russian agency said “the competent US authorities were informed about the results of the operation.”
After several high-profile attacks, including the supply chain attack on managed service provider software company Kaseya and gas supplier Colonial Pipeline, US authorities have pursued the REvil gang and its ransomware-as-a-service affiliates.
Under pressure from law enforcement, REvil, one of the most notorious ransomware raiders over the past few years, has started to crumble.
In September last year, the REvil gang was accused by affliates of scamming the latter out of extortion payments.
A coordinated operation between US government and police in other countries saw REvil’s infrastructure hacked last year.
The hack targeted REvil’s backups, a strategy the ransomware raiders had themselves used, and led to law enforcement agencies taking control over the extortionists’ servers.