大象传媒

REvil ransomware gang arrested in Russia

Image caption: The FSB has released video footage of the arrests (image source: FSB)

Authorities in Russia say they have dismantled the ransomware crime group REvil and charged several of its members.

The United States had offered a reward of up to $10m (£7.3m) for information leading to the gang members, following ransomware attacks.

Russia's intelligence bureau FSB said the group had "ceased to exist".

However, it does not appear that any Russian members of the gang will be extradited to the United States.

The agency said it had acted after being provided with information about the REvil gang by the US.

According to the Russian state news service Tass, REvil "developed malicious software" and "organised the theft of money from the bank accounts of foreign citizens".

The FSB said it had seized more than 426 million rubles (£4m), including about £440,000 worth of crypto-currency.

Image caption: Piles of money were seized by the FSB (image source: FSB)

It also seized more than 20 "premium cars" which had been purchased with the proceeds of crime.

"The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised," the FSB said in a statement.

Russia's announcement comes during a standoff between the United States and Russia.

Moscow is demanding Western guarantees, including that Nato will not expand further. It has also built up its troops near the Ukraine border.

Finally some action

These arrests are a monumental moment in cyber-crime and cyber-relations between the US and Russia.

For years, Russia has ignored and denied accusations that Russian ransomware hackers are allowed safe harbour in the country to attack western targets.

In their Geneva Summit last summer, Russia's President Putin and US President Biden agreed to open discussions about how to combat the scourge of ransomware, but even the most optimistic experts had given up on seeing the talks bear fruit.

The Russian authorities arresting the REvil gang on Russian soil is a huge result that few would have predicted.

Although largely disbanded since September last year, REvil was one of the most prolific ransomware gangs, and this arrest sends a huge message to Russian cyber-crime crews: the party is over.

The operation is also the first time in years that the US and Russia have collaborated on a cyber-crime operation.

It may point to a thawing of relations, which is already being widely celebrated in the cyber-security world.
