Russia shuts down REvil hacking group at US request


By Tom Balmforth and Gabrielle Tétrault-Farber

MOSCOW (Reuters) – Russia has launched a special operation against ransomware crime group REvil at the request of the United States and has arrested and charged the group’s members, the domestic intelligence agency FSB said on Friday.

The arrests were a rare overt demonstration of cooperation between Russia and the United States at a time of high tension between the two over Ukraine. The announcement came even as Ukraine responded to a massive cyberattack that shut down government websites, although there was no indication the incidents were linked.

A joint police-FSB operation searched 25 addresses and arrested 14 people, the FSB said, listing confiscated assets including 426 million rubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.

Russia has directly informed the United States of the steps it has taken against the group wanted by Washington, the FSB said on its website. The US Embassy in Moscow said it could not comment immediately.

“The investigative measures were based on a request from … the United States,” the FSB said. “… The organized criminal organization has ceased to exist and the information infrastructure used for criminal purposes has been neutralized.”

The REN TV channel broadcast footage of agents raiding homes and arresting people, pinning them to the ground and confiscating large stacks of dollars and Russian rubles.

The members of the group have been charged and could face up to seven years in prison.

A source familiar with the case told Interfax that the group’s members, who have Russian citizenship, would not be extradited to the United States.

The United States announced in November that it is offering a reward of up to $10 million for information leading to the identification or location of individuals with key positions in the REvil group.

The United States has been hit with a string of high-profile hacks by ransom-demanding cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil is suspected of being the group behind a ransomware attack on the world’s largest meatpacking company, JBS SA.

Washington has repeatedly accused the Russian state of malicious activity on the Internet in the past, which Moscow denies.

Russia’s announcement comes amid a standoff between the United States and Russia. Moscow is demanding Western guarantees, including that NATO will not expand any further. It has also built up its troops near Ukraine.

(Reporting by Gabrielle Tétrault-Farber; Additional reporting by Anton Zverev; Writing by Tom Balmforth; Editing by Jon Boyle, Alison Williams, Peter Graff)

