Tuesday, August 9, 2022
HomeCyber SecurityAt Request of U.S., Russia Rounds Up 14 REvil Ransomware Associates –...

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Associates – Krebs on Safety


The Russian authorities mentioned at the moment it arrested 14 individuals accused of working for “REvil,” a very aggressive ransomware group that has extorted a whole bunch of tens of millions of {dollars} from sufferer organizations. The Russian Federal Safety Service (FSB) mentioned the actions had been taken in response to a request from U.S. officers, however many specialists imagine the crackdown is a part of an effort to cut back tensions over Russian President Vladimir Putin’s determination to station 100,000 troops alongside the nation’s border with Ukraine.

The FSB headquarters at Lubyanka Sq., Moscow. Picture: Wikipedia.

The FSB mentioned it arrested 14 REvil ransomware members, and searched greater than two dozen addresses in Moscow, St. Petersburg, Leningrad and Lipetsk. As a part of the raids, the FSB seized greater than $600,000 US {dollars}, 426 million rubles (~$USD 5.5 million), 500,000 euros, and 20 “premium automobiles” bought with funds obtained from cybercrime.

“The search actions had been primarily based on the attraction of the US authorities, who reported on the chief of the felony group and his involvement in encroaching on the data assets of international high-tech firms by introducing malicious software program, encrypting data and extorting cash for its decryption,” the FSB mentioned. “Representatives of the US competent authorities have been knowledgeable in regards to the outcomes of the operation.”

The FSB didn’t launch the names of any of the people arrested, though a report from the Russian information company TASS mentions two defendants: Roman Gennadyevich Muromsky, and Andrey Sergeevich Bessonov. Russian media outlet RIA Novosti launched video footage from a number of the raids:

REvil is broadly regarded as a reincarnation of GandCrab, a Russian-language ransomware associates program that bragged of stealing greater than $2 billion when it closed up store in the summertime of 2019. For roughly the subsequent two years, REvil’s “Pleased Weblog” would churn out press releases naming and shaming dozens of recent victims every week. A February 2021 evaluation from researchers at IBM discovered the REvil gang earned greater than $120 million in 2020 alone.

However all that modified final summer season, when REvil associates working with one other ransomware group — DarkSide — attacked Colonial Pipeline, inflicting gasoline shortages and worth spikes throughout the USA. Simply months later, a multi-country legislation enforcement operation allowed investigators to hack into the REvil gang’s operations and drive the group offline.

In November 2021, Europol introduced it arrested seven REvil affliates who collectively made greater than $230 million value of ransom calls for since 2019. On the similar time, U.S. authorities unsealed two indictments in opposition to a pair of accused REvil cybercriminals, which referred to the lads as “REvil Affiliate #22” and “REvil Affiliate #23.”

It’s clear that U.S. authorities have identified for a while the true names of REvil’s prime captains and moneymakers. Final fall, President Biden informed Putin that he expects Russia to behave when the USA shares data on particular Russians concerned in ransomware exercise.

So why now? Russia has amassed roughly 100,000 troops alongside its southern border with Ukraine, and diplomatic efforts to defuse the state of affairs have reportedly damaged down. The Washington Put up and different media retailers at the moment report that the Biden administration has accused Moscow of sending saboteurs into Japanese Ukraine to stage an incident that would give Putin a pretext for ordering an invasion.

“Essentially the most attention-grabbing factor about these arrests is the timing,” mentioned Kevin Breen, director of menace analysis at Immersive Labs. “For years, Russian Authorities coverage on cybercriminals has been lower than proactive to say the least. With Russia and the US at present on the diplomatic desk, these arrests are seemingly a part of a far wider, multi-layered, political negotiation.”

President Biden has warned that Russia can anticipate extreme sanctions ought to it select to invade Ukraine. However Putin in flip has mentioned such sanctions may trigger an entire break in diplomatic relations between the 2 nations.

Dmitri Alperovitch, co-founder of and former chief know-how officer for the safety agency CrowdStrike, known as the REvil arrests in Russia “ransomware diplomacy.”

“That is Russian ransomware diplomacy,” Alperovitch mentioned on Twitter. “It’s a sign to the USA — if you happen to don’t enact extreme sanctions in opposition to us for invasion of Ukraine, we’ll proceed to cooperate with you on ransomware investigations.”

The REvil arrests had been introduced as many authorities web sites in Ukraine had been defaced by hackers with an ominous message warning Ukrainians that their private knowledge was being uploaded to the Web. “Be afraid and anticipate the worst,” the message warned.

Consultants say there may be good motive for Ukraine to be afraid. Ukraine has lengthy been used because the testing grounds for Russian offensive hacking capabilities. State-backed Russian hackers have been blamed for the Dec. 23, 2015 cyberattack on Ukraine’s energy grid that left 230,000 prospects shivering at nighttime.

The warning left behind on Ukrainian authorities web sites that had been defaced within the final 24 hours. The identical assertion is written in Ukrainian, Russian and Polish.

Russia additionally has been suspected of releasing NotPetya, a large-scale cyberattack initially geared toward Ukrainian companies that ended up creating a particularly disruptive and costly world malware outbreak.

Though there was no clear attribution of those newest assaults to Russia, there may be motive to suspect Russia’s hand, mentioned David Salvo, deputy director of The Alliance for Securing Democracy.

“These are tried and true Russian techniques. Russia used cyber operations and data operations within the run-up to its invasion of Georgia in 2008. It has lengthy waged huge cyberattacks in opposition to Ukrainian infrastructure, in addition to data operations focusing on Ukrainian troopers and Ukrainian residents. And it’s fully unsurprising that it will use these techniques now when it’s clear Moscow is searching for any pretext to invade Ukraine once more and forged blame on the West in its typical cynical trend.”



Most Popular

Recent Comments