Affiliate

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates – Krebs on Security
Written by publishing team

The Russian government said today that it has arrested 14 people accused of working for “theRevel, “A particularly aggressive ransomware group that extorted hundreds of millions of dollars from victim organizations. The Russians Federal Security Service The FSB said the measures were taken in response to a request from US officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to deploy 100,000 troops along the country’s border with Ukraine.

FSB headquarters on Lubyanka Square, Moscow. Photo: Wikipedia.

The Federal Security Service said it had arrested 14 members of the REvil ransom program, and searched more than two dozen addresses in Moscow, Saint Petersburg, Leningrad and Lipetsk. As part of the raids, the Federal Security Service seized more than 600,000 US dollars, 426 million rubles (about 5.5 million US dollars), 500,000 euros, and 20 “luxury cars” purchased with money obtained from cybercrime.

“The search activities were based on the appeal of the US authorities, who reported on the leader of the criminal community and his involvement in the infringement of information resources of foreign high-tech companies by introducing malware, encrypting information and extorting money for decryption,” the FSB said. “Representatives of the relevant US authorities have been informed of the results of the operation.”

The FSB did not reveal the names of any of the detainees, despite a report from the Russian news agency tast He mentions two of the defendants: Roman Gennadievich Muromsky, And Andrei Sergeevich Bessonov. Russian media outlet RIA Novosti They released video footage from some of the raids:

REvil is widely believed to be the embodiment of GandCrab, the Russian-language ransomware affiliate that boasted of stealing more than $2 billion when it closed its store in the summer of 2019. Over the next roughly two years, REvil’s “Happy Blog” has been releasing data A journalist names and exposes dozens of new victims every week. An analysis by IBM researchers in February 2021 found that the REvil gang earned more than $120 million in 2020 alone.

But that all changed last summer, when REvil worked with another ransomware group – The dark side – attack colonial pipeline, causing fuel shortages and soaring prices across the United States. A few months later, law enforcement in multiple countries allowed investigators to hack the REvil gang’s operations and force the group offline.

In November 2021, Europol It announced that it has arrested seven REvil affiliates who have collectively filed ransom claims of more than $230 million since 2019. Meanwhile, US authorities unveiled two indictments against a pair of accused REvil cybercriminals, which referred to the men as “REvil.” Affiliate #22″ and “REvil Affiliate #23.”

Apparently the US authorities have known for some time the real names of Revell’s top leaders and money makers. Last fall, President Biden told Putin that he expected Russia to act when the United States shared information about certain Russians involved in ransomware activity.

Why now? Russia has amassed nearly 100,000 troops along its southern border with Ukraine, and diplomatic efforts to defuse the situation have reportedly collapsed. Washington Post Other media reported today that the Biden administration accused Moscow of sending saboteurs into eastern Ukraine to orchestrate an incident that could give Putin an excuse to order an invasion.

“The most interesting thing about these arrests is the timing,” he said. Kevin Bren, director of threat research at Immersive Labs. “For years, the Russian government’s policy on cybercriminals has been less than proactive to say the least. With Russia and the United States currently at the diplomatic table, these arrests are likely part of a much broader, multi-layered political negotiation.”

President Biden warned that Russia could expect severe sanctions if it chose to invade Ukraine. But Putin, in turn, said that such sanctions could lead to a complete severance of diplomatic relations between the two countries.

Dmitriy AlperovichThe REvil arrests in Russia have been dubbed “ransomware diplomacy.”

“This is Russian anti-ransomware diplomacy,” Alperovich said on Twitter. “It’s a signal to the United States – if you don’t enact tough sanctions against us because of the invasion of Ukraine, we will continue to cooperate with you on ransomware investigations.”

REvil arrests have been announced as several government websites in Ukraine have been defaced by hackers with an ominous message warning Ukrainians that their personal data is being uploaded to the Internet. “Fear and expect the worst,” the letter warned.

Experts say there is good reason to be afraid of Ukraine. Ukraine has long been used as a testing ground for Russia’s offensive hacking capabilities. State-backed Russian hackers have been blamed for the December 23, 2015 cyber attack on Ukraine’s power grid, which left 230,000 customers shivering in the dark.

The warning was left behind on Ukrainian government websites that have been defaced for the past 24 hours. The same statement is written in Ukrainian, Russian and Polish.

Russia is also suspected of launching NotPetya, a large-scale cyber attack that initially targeted Ukrainian companies and that ended up spreading a highly disruptive and costly global malware outbreak.

He said that although there was no clear attribution of these recent attacks to Russia, there was reason to be suspicious of Russia. David savedDeputy Director of the Coalition for Securing Democracy.

These are tried and true Russian tactics. Russia used cyber and information operations in the run-up to its invasion of Georgia in 2008. It has long conducted large-scale cyber attacks against Ukrainian infrastructure, as well as information operations targeting Ukrainian soldiers and citizens. And it is not entirely surprising that it will use these tactics now when it becomes clear that Moscow is looking for any excuse to invade Ukraine again and blame the West in its usual cynical manner.”

*** This is a blog compiled from Krebs on Security Blogger Network written by BrianKrebs. Read the original post at: https://krebsonsecurity.com/2022/01/at-request-of-us-russia-rounds-up-14-revil-ransomware-affiliates/

About the author

publishing team