REvil Ransomware Gang Shut Down by Russian Authorities

It looks like the Russian authorities may finally be playing ball, as several members of the REvil ransomware gang are arrested and charged.

Russia’s security bureau, the FSB, say they have arrested and charged 14 members of the REvil ransomware gang. 25 addresses were raided, “based on the appeal of the US competent authorities”. The United States had previously offered a reward of up to $10m for information related to the gang. However, it’s not believed that any of those arrested have been extradited to the US. According to the Russian authorities, REvil has “ceased to exist”. The 14 have been charged under Article 187 of the Russian criminal code, which concerns “illegal turnover of means of payments”. The FSB also said that they have seized more than 426m roubles, around £4m, including hundreds of thousands of pounds’ worth of cryptocurrency. The arrest of the gang members and apparent demise of REvil marks a turning point in cyber-relations between the US and Russia. For many years, Russia has been accused of turning a blind eye to cybercrime, and faced accusations of allowing ransomware hackers safe harbour in the country.

REvil is one of the most notorious ransomware gangs to have ever existed. Back in March 2021, REvil launched an attack on Acer, stealing data including private financial documents. In April 2021, REvil claimed to have stolen plans for upcoming Apple products from Quanta Computer, a Taiwanese company that assembles their products. Rather than simply encrypting the files, the ransomware gang threatened to leak details of Apple’s upcoming products unless the ransom was paid. After Quanta refused to pay up, REvil began leaking blueprints for the products before they were officially launched. In July 2021, they were behind a ransomware attack on Miami-based IT firm Kaseya, which affected hundreds of businesses in the US and beyond; an affected grocery chain in Sweden had to close 800 of its stores.