What just happened? Russia’s FSB has arrested members of REvil, a ransomware group responsible for many cyber attacks across the United States last year, including the Kaseya attack. During the arrests, the FSB seized millions of dollars in cash and assets.
According to a machine translation of the FSB announcement, the Russian agency raided 25 addresses belonging to 14 people. During the raids, it seized about 426 million rubles (about $5.6 million), $600,000, 500,000 euros, computers, crypto-wallets and 20 cars. The FSB charged the suspects with “illegal circulation of means of payment.”
The raids took place at the request of US authorities after they reported a member of the group. That part of the FSB’s announcement may be a reference to Operation GoldDust, in which Romanian police arrested two people linked to REvil last November. In October, German authorities claimed to have identified a REvil member on holiday in the Mediterranean.
Below is a video of the FSB’s REvil raids pic.twitter.com/Oh7Ef2GpQO
– Catalin Cimpanu (@campuscodi) January 14, 2022
Last summer, REvil’s ransomware was responsible for the cyber attack on the business platform Kaseya, which affected hundreds of US companies. Shortly afterwards, President Joe Biden made it clear that he wanted the Russian government to act on the activities of gangs like REvil, which operates from inside Russia. The country has been accused of turning a blind eye to the actions of the gangs as long as they do not attack anyone inside Russia.
A US official told The Washington Post that a person arrested by the FSB was involved in the Colonial Pipeline cyberattack, which was claimed by another ransomware group – DarkSide. It is possible that the individual worked for both DarkSide and REvil.
The FSB’s announcement comes around the same time that Ukrainian government servers were attacked. No one has taken responsibility for the cyber attack, but it happened amid fears of a Russian invasion of Ukraine, which the Ukrainian government suspects would begin with cyber attacks on the country’s infrastructure. Over 100,000 Russian troops are currently assembled near the Ukrainian border.