REvil Group Under Pressure As Arrests And Seizures Mount

The REvil ransomware group is feeling the heat as arrests and seizures of assets mount. This global cybercrime organization has been responsible for dozens of attacks, causing millions of dollars in damages. But law enforcement is finally starting to catch up with it, and its members are starting to face the consequences of their actions.

REvil – ransomware-as-a-service

In 2020, REvil, also known as Sodinokibi, emerged as a provider of ransomware to other criminal groups under a subscription-based model. The ransomware has been used in several attacks on major businesses, but the most disruptive of them all was the JBS Foods attack in May 2019, which caused significant disruptions in meat processing and delivery in the United States. As a result, in November 2020, the US Department of Justice announced a $10 million reward for information leading to the identification or location of key members of the REvil organization, as well as a $5 million bounty for information leading to the arrest and conviction of any affiliate.

In June 2021, after a meeting with Russian President Vladimir Putin, President Biden said that they had agreed to bring together cybersecurity experts from the two nations to establish “specific understandings about what’s off limits” from cyber activity and how the US and Russia each would “follow up” on cyberattacks that “originate in either of our countries.”

“Responsible countries need to take action against criminals who conduct ransomware activities on their territory.”

President Joe Biden

A crackdown by the Russians

The agreement between the two presidents appears to have borne fruit. On January 21, 2022, the Federal Security Service (FSB) of Russia announced that it had arrested 14 REvil gang members and conducted 25 searches connected with them in efforts to disrupt REvil’s massive ransomware activities. The FSB seized roughly $6.8 million in various currencies as well as 20 luxury automobiles, cryptocurrency wallets, and computer equipment.

Following the REvil arrests, experts from Trustwave who monitor underground forums noticed significant anxiety and consternation among Eastern European cybercriminals. Many threat actors appeared to be less confident in Russia remaining a safe haven for their activities. They also expressed serious concerns that further cooperation between Russian and US authorities might cause serious problems for them in the future.

The FSB’s surprise arrests have clearly shaken the cybercriminals’ sense of complacency and impunity considerably. Some have even begun discussing the possibility of moving operations to India, the Middle East, China, and even Israel.

“We’ve observed that threat actors [have been] shaken out of previously feeling invulnerable to now feeling some instability, fear, and paranoia. … The level of fear of being arrested and the discussion around the possibility that their homeland is no longer a safe haven are unique. There is serious concern that cooperation between the United States and Russia will be a problem for their operations going forward.”

Karl Sigler, senior security research manager at Trustwave SpiderLabs