FSB Arrested 8 Individuals Believed to Be Part Of the REvil Ransomware Group
Researchers State that the Charged Suspects Are Not the Main Members of the Notorious Gang.
Russian police have arrested eight individuals believed to have connections to the REvil ransomware gang, and they are now facing criminal charges for their illicit activities.
How Did the REvil Ransomware Gang Members Get Caught?
Last week, the Federal Security Service of the Russian Federation (FSB), Russia’s principal security agency and the main successor to the Soviet Union’s KGB, announced raids at the residences of 14 people suspected of having ties to the well-known REvil ransomware organization.
According to BleepingComputer, the intervention was carried out in collaboration with the Russian Interior Ministry after US officials reported on the group’s leader and requested that cybercriminals based in Russia be brought to justice.
The suspects’ identities were disclosed last week when the Tverskoi Court in Moscow identified eight of them in its arrest records. The arrested individuals’ names are:
- Muromsky Roman
- Bessonov Andrey
- Golovachuk Mikhail A.
- Zayets Artem N.
- Khansvyarov Ruslan A.
- Korotayev Dmitry V.
- Puzyrevsky D.D.
- Malozemov Alexei V.
As a precautionary measure, the suspects have been detained for two months, and all of them are being investigated for the illegal circulation of means of payment.
According to Yelisey Boguslavskiy, head of research at AdvIntel, the arrested persons were probably low-level affiliates rather than the core members of the REvil organization, who create and develop the malware and keep the Ransomware-as-a-Service (RaaS) operation up and running.
“Yelisey Boguslavskiy, research director at @AdvIntel, said those arrested are likely low-level affiliates — not the people who ran the ransomware-as-a-service, which disbanded in July.”
— Yelisey Boguslavskiy (@y_advintel) January 15, 2022
As per TASS Russian News Agency, all those taken into custody have been charged with a crime under Part 2 of Article 187 of the Russian Federation’s Criminal Code, which carries a sentence of five to eight years in jail.
A senior Biden administration official stated that one of the 14 raided suspects was also responsible for the ransomware attack on Colonial Pipeline that forced the company to shut down its pipeline. That malware was first distributed by the DarkSide ransomware gang, which was later renamed BlackMatter.
Major Attacks Conducted by REvil Ransomware Group
The REvil ransomware group is behind some of the most well-known ransomware attacks, such as the attack on meat processing company JBS, which paid an $11 million ransom, and the attack on Kaseya, the biggest ransomware attack on record, in which the attackers accessed its customers’ data and demanded a $70 million ransom.
Since its emergence in early 2019, the REvil ransomware campaign had brought in more than $200 million in ransom revenue and encrypted at least 175,000 systems, according to the U.S. Department of Justice.
The FSB of Russia stated that it had established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and that it had documented their illegal activities.
According to BleepingComputer, law enforcement discovered and seized over $6.6 million in fiat and cryptocurrency during raids at 25 addresses belonging to 14 individuals believed to be members of the REvil ransomware group.
How Can Heimdal™ Help?
In the fight against ransomware, Heimdal™ Security offers its customers an integrated cybersecurity suite that includes the Ransomware Encryption Protection module, which is compatible with any antivirus solution and is 100% signature-free, ensuring detection and remediation of any type of ransomware, whether fileless or file-based (including recent families such as LockFile).