One of the REvil members arrested by FSB was behind Colonial Pipeline attack

Pierluigi Paganini January 15, 2022

A senior Biden administration official said that the one of the Russian hacker arrested by FSB was behind the Colonial Pipeline attack.

Yesterday, the Russian Federal Security Service (FSB) announced to have dismantled the REvil ransomware operation and arrested 14 alleged members of the gang. The group that is behind a long string of attacks against large organizations across the world, including Kaseya and JBS USA.

A senior Biden administration official on Friday declared that one of the Russian hackers arrested by the FSB is responsible for the ransomware attack that hit the Colonial Pipeline last in 2021.

“We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring,” a senior administration official told reporters during a press conference. “I also want to be very clear: In our mind, this is not related to what’s happening with Russia and Ukraine.  I don’t speak for the Kremlin’s motives, but we’re pleased with these initial actions.” the official added.

Russian authorities also reported to have seized 20 luxury cars along with cryptocurrency and fiat money:

  • more than 426 million rubles (approximately $5,5 million)
  • 600 thousand US dollars
  • 500 thousand euros (approximately $570,000)

REvil members are also accused to have stolen money from the bank accounts of foreign citizens.

The attack against Colonial Pipeline was carried out by a ransomware gang known as DarkSide, but according to the senior official, one of the members of the now-defunct group was also involved in REvil operations.

The official did not name the man, he also remarked that the arrests were the result of an effort requested by the US Government to the Russian one during last year’s meeting between President Joe Biden and Russian peer Vladimir Putin.The Biden official, who briefed reporters on condition of anonymity, said the administration believes the activity by Russia’s internal intelligence agency is “not related to what’s happening with Russia and Ukraine,” adding that the White House has been clear it will impose “severe costs” on the Kremlin in coordination with Western allies.

“We’re committed to seeing those conducting ransomware attacks against Americans brought to justice, including those that conducted these attacks on JBS, Colonial Pipeline, and Kaseya.” added the official. “We’ve also been very clear: If Russia further invades Ukraine, we will impose severe costs on Russia in coordination with our allies and partners. As the President has said, cyber criminals are resilient and we will continue to take action to disrupt and deter them while engaging in diplomacy, as we have with Russia, allies, and partners around the world.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, REvil ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment