The Russian Federal Security Service (FSB) said today that it has raided and shut down the operations of the REvil ransomware gang.
Raids were conducted today at 25 residents owned by 14 members suspected to be part of the REvil team across Moscow, St. Petersburg, Leningrad, and the Lipetsk regions.
Authorities said they seized more than 426 million rubles, $600,000, and €500,000 in cash, along with cryptocurrency wallets, computers, and 20 expensive cars.
“The detained members of the [organized criminal structure] were charged with committing crimes under Part 2 of Art. 187 ‘Illegal circulation of means of payment’ of the Criminal Code of Russia,” the FSB said in a press release today.
The FSB, which serves as Russia’s internal intelligence agency, said it conducted its operation at the request of US authorities, which were notified of their results.
The raid comes after President Biden and US authorities have pressured Russian President Vladimir Putin repeatedly over the summer to crack down on the Russian underground cybercrime ecosystem, which harbors many of today’s top ransomware crews.
Kaseya attack aftermath
The REvil gang was one of the most active ransomware crews last year, being responsible for the attack against JBS Foods, which impacted the meat supply across the US and Australia in May, and the attack on IT provider Kaseya during the 4th of July weekend.
After US authorities started pressuring Russian officials, the REvil gang shuttered operations in July but then attempted a comeback in September before having some of their dark web servers seized by US authorities.
Seven other REvil gang members were also arrested throughout 2021, following operations coordinated by Europol.
The FSB has not released the names of any of the suspects.
“Representatives of the competent US authorities were informed about the results of the operation,” the agency said.
You may also enjoy reading,
- UK bans Chinese CCTV cameras at ‘sensitive’ government locations - 26 November 2022
- Chrome Update: Exploited Zero-Day Vulnerability fixed by Google, the 8th this year - 25 November 2022
- RESEARCH: analytics information related to iPhones include a Directory Services Identifier (DSID) that may be used to identify users - 24 November 2022