The Russian government said Friday that it raided multiple addresses tied to members of the REvil ransomware gang, making arrests and seizing hard cash, cryptocurrency, computers and cars.
The Federal Security Service, or FSB, said it executed the sting at locations in Moscow, St. Petersburg and elsewhere. The operation came at the request of the United States, the FSB said. The FBI did not immediately respond Friday morning to requests for comment.
“Representatives of the competent US authorities were informed about the results of the operation,” the FSB said, according to a translation of its news release.
The U.S. has reportedly passed along to Russia the names of hackers within its borders who have been behind active attacks on America, hoping it would lead to a Russian crackdown. Russian President Vladimir Putin said last summer that his country had agreed to enter into “consultations” on cybersecurity with the U.S., but shared no specifics.
Russian state-owned news outlet TASS posted video on YouTube that it said was of the arrests.
REvil, one of the most aggressive and successful Russia-based cybercrime groups, had been under pressure from global law enforcement as well as U.S. Cyber Command, which helped to shut down many of the gang’s digital operations last year.
The gang was responsible for a major attack against Florida-based IT firm Kaseya in July 2021. The company estimated that as many as 1,500 of its customers were affected by the incident. Among the victims are New Zealand schools, an international textile company, a Swedish grocery store chain and two Maryland towns.
The group generated about $200 million in ransom payments between April 2019 and June 2021, according to the FBI.
The FSB said Friday it seized 426 million rubles, “including in cryptocurrency,” as well as $600,000 and 500,000 euros. Also captured: “20 premium cars,” a favorite commodity of Russian cybercriminals.
The FBI said in early December that it had seized about $2.3 million in cryptocurrency from a REvil member. Other REvil affiliates were arrested in November 2021 has part of an international operation.
Yaroslav Vasinksyi, the man accused of writing the REvil ransomware — also known as Sodinokibi — was arrested Oct. 8 in Poland at the behest of U.S. authorities. A top White House official declined to say in November whether Russia aided in that arrest.
Reuters quoted unnamed officials as saying any suspect with Russian citizenship is unlikely to be handed over to the United States.
The arrests coincide with Ukraine reporting cyberattacks on several of its government agencies during rising security tensions with Russia.
The post Russia's FSB announces sting against members of REvil cybercrime gang appeared first on CyberScoop.