The Russian intelligence services (FSB) carried out an operation against the cybercriminal group REvil, resulting in several charges and the identification of all the members of this network, they announced on Friday January 14 in a press release. This action was initiated “at the request of the competent American authorities”, who have been “informed of the results”, the agency added.
The REvil group (also known as Sodinokibi), which appeared in 2019, is one of the largest criminal networks in the world practicing ransomware attacks. With these malicious tools used on the computer network of a company or an administration, they encrypt the content of computers, paralyze the network and demand a ransom in cryptocurrencies in exchange for the decryption key.
In its press release, the FSB claims to have carried out searches at 25 addresses linked to 14 suspects: 426 million rubles (4.9 million euros), 600,000 dollars and 500,000 euros were seized, as well as cryptocurrency wallets and about twenty luxury cars. The agency indicates that several people were arrested, without specifying their exact number, but adding that it thus dismantled the entire cybercriminal group. According to several Russian media, one of the arrested suspects has been publicly identified as a 33-year-old man who graduated from Moscow State Technological University.
The United States “satisfied”
“We are satisfied with these initial measures”, commented for his part an official of the American administration in Washington. “But I want to be clear: this has nothing to do with what is happening with Russia and Ukraine”.
“We have always been very clear: if Russia invades Ukraine further, we will impose severe costs on it in cooperation with our allies and partners”, added this official who requested anonymity. She confirmed that these arrests were the result of cooperation with the Russian authorities. Washington attributes these arrests to “exchanges that took place in terms of sharing information and calling on Russia to take action”, did she say.
Several large-scale attacks
This criminal organization has made several very important victims, including an Apple subcontractor, Quanta, or the American subsidiary of the Brazilian group in the meat sector JBS. REvil, suspected of being the emanation of GandCrab, another ransomware operator, is the subject of investigations by the FBI in the United States and the brigade against cybercrime (BL2C, within the prefecture of Paris police) in France. The procedures targeting this type of criminal organization can be sprawling: the operators of REvil indeed rent their malware to “affiliates”, accomplices who can work with several different groups and who specialize in intrusion within networks. computers of their victims. In October, the media The time and BR24 had also revealed that German federal investigators had identified Nikolay K. (name changed), a Russian citizen suspected of being one of REvil’s masterminds.
Several police operations have targeted REvil “affiliates” in recent months. On November 8, the United States announced the arrest in Poland of Yaroslav Vasinsky, a Ukrainian suspected of carrying out several attacks on behalf of this group in 2019 and 2021, including the large-scale attack on the American company. Kaseyah. Another Ukrainian, Evgeniy Igorevich Polyanin, was also charged at the same time, but without being arrested. He is notably suspected of having carried out, in 2019, an attack against nearly 40 municipalities in Texas. Also on November 8, Europol announced the arrest of two suspects in Romania and another in Kuwait, after four others in South Korea and Europe in the previous months. Finally, in October, US authorities announced that the technical infrastructure used by REvil had been targeted by a joint operation by the FBI and its international partners.
This action by the Russian authorities, a fortiori at the request of the United States, is a major rebound in the field of cybercrime. In recent months, Washington has raised its voice against the Kremlin, accused of turning a blind eye to the activities of criminal organizations on its territory, and particularly those of groups carrying out ransomware attacks. In July, US President Joe Biden, during a phone call, urged his counterpart Vladimir Putin to intervene against groups identified as acting from Russia. A few months later, the American media had revealed that the authorities of the United States had communicated to the Russian intelligence services information concerning activities related to ransomware taking place on their territory.
–
