Russia Busts Revil Ransomware Group on US Request, Arrests 14 Members

Russian law enforcement agencies have dismantled the notorious hacking group Revil, believed to be behind ransomware attacks in the U.S. involving cryptocurrency. Although Moscow is unlikely to hand over Russian citizens to Washington, the operation has been carried out on request from the United States, despite heightened geopolitical tensions between the two powers.

Russia’s FSB Hits Cybercrime Group Revil

On Friday, the Federal Security Service of the Russian Federation (FSB) announced it had conducted raids against Revil in Moscow, St. Petersburg, and the Leningrad and Lipetsk regions, together with the Investigative Department of the Ministry of Internal Affairs (MVD). Law enforcement officers searched 25 addresses and detained 14 alleged members of the organized crime group.

Funds worth over 426 million rubles ($5.6 million), including cryptocurrency, $600,000 and €500,000, as well as crypto wallets, computer equipment used to commit crimes, and 20 high-end vehicles purchased with money obtained from criminal activities were seized, the FSB detailed in a press release, emphasizing:

As a result of the joint actions of the FSB and the MVD, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized.

The FSB added that the arrested individuals had developed malicious software and organized the theft of funds from foreign bank accounts. Russian officials claim to have “established the full composition” of Revil and the involvement of its members in the “illegal circulation of means of payment and documented illegal activities.”

US Welcomes Russian Actions Against Hackers

Russia’s main law enforcement agency also said that the operation was conducted at the request of the relevant U.S. authorities, who shared information about Revil’s presumed leader and his part in attacks on foreign high-tech companies using malicious software that encrypts data and extorts money for its decryption.

The Russian Interfax news agency reported that the Tverskoy Court of Moscow has ordered two Russians held in custody until March 13 — Roman Muromsky, a 33-year-old entrepreneur and web developer with no previous convictions, and Andrei Bessonov, an alleged Revil hacker. They have been charged with committing crimes under Part 2 of Art. 187 — “Illegal circulation of means of payment” — of Russia’s Criminal Code. The MVD has asked the court for similar measures against another three detainees.

Revil has been blamed for high-profile crypto ransomware hits in the United States, including the one on the Colonial Pipeline which caused gas shortages on the American East Coast last May. Its perpetrators used ‘Darkside’ encryption software believed to have been developed by the group. Another case was the attack on the world’s biggest meat packing company, JBS, as Reuters reported in June.

In its announcement, the FSB noted that Russia has informed U.S. authorities about the results of the operation. The United States welcomed the arrests, with Reuters quoting a senior official as stating: “we understand that one of the individuals who was arrested today was responsible for attack against Colonial Pipeline last spring.” A source familiar with the investigation told Interfax that Russia is not going to extradite any Revil members with Russian citizenship to the U.S.

Do you expect Russia and the U.S. to cooperate on other cases of cyberattacks involving ransomware and cryptocurrency? Tell us in the comments section below.