The basis for the search activities, according to the intelligence service, was “the appeal of the competent US authorities, who reported the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption.”
“The FSB of Russia has established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and documentation of illegal activities has been carried out. In order to implement the criminal intent, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing out, including through the purchase of expensive goods on the Internet,” the FSB said.
The intelligence agency said 14 suspects seized at 25 addresses at places of stay over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets, 20 premium cars “purchased with money obtained by criminal means.”
The detainees were suspected Part 2 Art. 187 of the Criminal Code of the Russian Federation (illegal circulation of means of payment).
“As a result of the joint actions of the FSB and the Russian Ministry of Internal Affairs, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized. Representatives of the competent US authorities were informed about the results of the operation,” the report says.
The identities of the detainees were not disclosed. But, as noted Radio Svoboda, January 14 It became known that the Tverskoy Court of Moscow detained for two months until March 13 alleged hackers from REvil, Russians Roman Muromsky and Andrei Bessonov, detained at the request of the United States.
Senior White House cybersecurity official during a Jan. 14 press call declaredthat the US “applauds that the Kremlin is taking law enforcement action to combat ransomware emanating from its borders.”
“It is our understanding that one of the people arrested today is responsible for the attack on the Colonial Pipeline last spring. We are committed to ensuring that those who carried out ransomware attacks against Americans are brought to justice, including those who carried out these attacks. on JBS, Colonial Pipeline and Kaseya. I also want to be clear: in our opinion, this is not related to what is happening with Russia and Ukraine. I’m not talking about the Kremlin’s motives, but we are pleased with these initial actions,” he said.
The official said that in June 2021, U.S. President Joe Biden and Russian President Vladimir Putin created a group of White House and Kremlin experts on ransomware.
“We met through this channel and discussed the need for Russia to take action against ransomware criminals operating inside their borders. We also shared information about individuals operating from Russia who carried out subversive attacks on critical US infrastructure,” he said.
The official said that the United States expects those detained by the Russian state to be prosecuted under its legal system.
“We expect Russia to announce arrests and that Russia will pursue legal action within its own system against these criminals for the crimes they have committed. That is our expectation. And indeed, in your opinion, we expect them to be brought to justice.” not only for their past crimes, but also to prevent future ones,” he added.
Grouping REvil carried out cyberattacks on companies using programs, encrypting their data, and then demanded a ransom for the return of access to them.
On May 9, it became known about the cyber attack на Colonial Pipeline. This pipeline transports 45% of diesel, kerosene and gasoline to the US East Coast. Due to a cyberattack, his work was blocked until May 13. According to media reports, Colonial Pipeline paid the hackers who staged the cyberattack $5 million ransom.
The FBI has confirmed that the Colonial Pipeline hack carried out by the Darkside group. “There are good reasons to believe that the perpetrators of the attack, live in Russia“, Biden said. He noted that the FBI does not consider the government or the president of the Russian Federation involved in the attack.
Putin stated that Russia has nothing to do with the cyberattack on the Colonial Pipeline. He also said that Russia is not in the list of countries from which the largest number of cyberattacks in the world.
Biden on June 16, after a meeting with Putin, said that he had given him list of 16 critical sectors, which must be protected from cyberattacks.
July 2 cyberattack on software maker Kaseya, which affected more than 1000 enterprises in various countries of the world. In particular, it affected the largest grocery supermarket chain in Sweden, Coop, and in Germany IT company suffered with thousands of clients. In total, enterprises in 17 countries suffered from the attack, reported Associated Press.
After the attack REvil hackers demanded $70 million for unlocking damaged systems.
President of the U.S.A Joe Biden instructed intelligence to studywho is behind the cyberattack on Kaseya. He threatened Russia with a response if she was involved.
After Biden’s conversation with Putin in July 2021 Sites have disappeared from the DarkNetassociated with the REvil hacker group.
November 8 US Department of the Treasury added Ukrainian citizen Yaroslav Vasinsky to the sanctions list for organizing cyber attacks on American companies as part of the REvil group. On the same day, FBI Director Christopher Wray informedthat Vasinsky was detained in Poland, where he is awaiting extradition to the United States.
US State Department promised a $10 million reward for information about the leaders of the REvil group and their whereabouts.
–
– .
