Russia shuts down REvil hacking group at US request – FSB


MOSCOW, Jan 14 (Reuters) – Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it has arrested and charged members of the group, the domestic intelligence agency FSB said on Friday.

The arrests were a rare overt display of US-Russia cooperation at a time of high tension between the two over Ukraine. The announcement came as Ukraine responded to a massive cyberattack that shut down government websites, although there was no indication the incidents were linked.

The United States welcomed the arrests, according to a senior administration official, adding, “We understand that one of the individuals arrested today was responsible for the attack on the Colonial Pipeline last spring.”


A May cyberattack on the Colonial Pipeline, which led to widespread gas shortages on the US East Coast, used encryption software called DarkSide, developed by REvil employees.

A police and FSB operation searched 25 addresses and arrested 14 people, the FSB said, listing confiscated assets including 426 million rubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.

A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and held them in custody for two months. Muromsky could not be reached for comment and his phone was off. Reuters could not immediately reach Bessonov.

Two Muscovites told Reuters Muromsky was a web developer who helped them with websites for their businesses.

Russia has directly informed Washington of the steps it has taken against the group, the FSB said. The US Embassy in Moscow said it could not comment immediately.

“The investigative measures were based on a request from … the United States,” the FSB said. “… The organized criminal organization has ceased to exist and the information infrastructure used for criminal purposes has been neutralized.”

The REN TV channel broadcast footage of agents raiding homes and arresting people, pinning them to the ground and confiscating large stacks of dollars and Russian rubles.

The members of the group have been charged and could face up to seven years in prison, the FSB said.

A source familiar with the case told Interfax that the group’s members, who have Russian citizenship, would not be extradited to the United States.

The United States announced in November that it is offering a reward of up to $10 million for information leading to the identification or location of individuals with key positions in the REvil group.

The United States has been hit with a string of high-profile hacks by ransom-demanding cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil is suspected of being the group behind a ransomware attack on the world’s largest meatpacking company, JBS SA (JBSS3.SA).

Washington has repeatedly accused the Russian state of malicious activity on the Internet in the past, which Moscow denies.

REvil hasn’t been associated with any major attacks for months.

John Shier, a threat researcher at British cybersecurity firm Sophos, said there was no independent confirmation that the self-proclaimed leaders of the “defunct” group had been arrested.

“Last but not least, it serves as a warning to other criminals that operations from Russia may not be the safe haven they thought it was,” he said.


A former client of Muromsky, who gave only the name Sergei, described him as an ordinary worker who did not appear wealthy.

Sergei runs a shop called Motohansa that sells motorcycle spare parts. Muromsky created his website and supported it for some time, charging him around 15,000 rubles ($196) a month, he said.

“He’s a smart person and I imagine he could if he wanted to (hack) but he charged very little for his services. A few years ago he had a Rover car. This is not an expensive car at all,” said Sergei.

Muromsky is in his 30s and was born in Anapa in southern Russia, he said. “He worked as a normal programmer.”

Another client, Adam Guzuyev, described Muromsky as “a regular, regular worker” who proved unable to install all the features Guzuyev wanted on his website.

“He earned no more than 60,000 rubles. I can’t say he has brilliant skills,” he said, adding that Muromsky worked on his website for three months.


Reporting by Gabrielle Tétraut-Farber and Maria Tsvetkova; additional reporting by Anton Zverev and Polina Nikolskaya; writing by Tom Balmforth; Edited by Alison Williams, Peter Graff, Mark Potter and Richard Chang
