The Federal Security Service (FSB) of the Russian Federation says that they shut down the REvil ransomware gang after U.S. authorities reported on the leader.
More than a dozen members of the gang have been arrested following police raids at 25 addresses, the Russian security agency says in a press release today.
“The basis for the search activities was the appeal of the competent US authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption” – Russia’s Federal Security Service
Russian authorities have detained 14 individuals suspected to be part of the REvil ransomware-as-a-service (RaaS) operation and confiscated cryptocurrency and fiat money as follows:
more than 426 million rubles (approximately $5,5 million)
600 thousand US dollars
500 thousand euros (approximately $570,000)
Russian authorities also confiscated 20 luxury cars purchased with money obtained from cyberattacks, computer equipment and cryptocurrency wallets used to develop and maintain the RaaS operation.
Footage from the raids available below shows how officers detained the suspects and confiscated money and electronics:
The raids took place at addresses in Moscow, St. Petersburg, Leningrad, and Lipetsk regions.
The FSB says that it was able to identify all members of the REvil gang, documented their illegal activities, and establish their participation in “illegal circulation of means of payment.”
Apart from creating the file-encrypting malware and deploying it on enterprise networks across the globe, REvil members were also involved in stealing money from the bank accounts of foreign citizens.
“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized” Russia’s Federal Security Service
The FSB says that they informed the representatives of the competent U.S. authorities about the results of the operation.