Cyber Crime

Russian government claims to have dismantled REvil ransomware gang

Russia’s FSB announced to have dismantled the REvil ransomware gang, the infamous group behind Kaseya and JBS USA.

The Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS USA. The FSB claims to have identified all members of the REvil gang and monitored their operations.

The police operation was conducted by Russian authorities following a request by the United States that shared info about members of the gang.

The Russian police arrested 14 alleged members of the ransomware gang and raided 25 addresses seizing computer equipment and cryptocurrency wallets. The raids took place in Moscow, St. Petersburg, Leningrad, and Lipetsk regions

“The Federal Security Service of the Russian Federation, in cooperation with the Investigation Department of the Ministry of Internal Affairs of Russia in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions, stopped the illegal activities of members of an organized criminal community.” states Russia’s Federal Security Service. “The basis for the search activities was the appeal of the competent US authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption. The FSB of Russia established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and documented illegal activities.”

Russian authorities also reported to have seized 20 luxury cars along with cryptocurrency and fiat money:

  • more than 426 million rubles (approximately $5,5 million)
  • 600 thousand US dollars
  • 500 thousand euros (approximately $570,000)

REvil members are also accused to have stolen money from the bank accounts of foreign citizens.

“The detained members of the OPS were charged with committing crimes under Part 2 of Art. 187 “Illegal circulation of means of payment” of the Criminal Code of Russia. As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized.” FSB’s announcement concludes.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, REvil ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog.…

8 hours ago

Hundred of CISCO switches impacted by bootloader flaw

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature…

19 hours ago

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks<gwmw style="display:none;"></gwmw>

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and…

1 day ago

Operation Destabilise dismantled Russian money laundering networks

Operation Destabilise: The U.K. National Crime Agency disrupted Russian money laundering networks tied to organized…

1 day ago

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6…

1 day ago

China-linked APT Salt Typhoon has breached telcos in dozens of countries

China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt…

2 days ago

This website uses cookies.