Revil ransomware hacker
© FSB / public
The Russian Federal Security Service (FSB) announced on Friday that it has raided and shut down the operations of the notorious REvil ransomware gang.

The unprecedented move — which will undoubtedly send a message to other ransomware groups operating out of the country — saw the Russian authorities conduct raids at 25 addresses across the Moscow, St. Petersburg and Lipetsk regions that belonged to 14 suspected members of REvil.

The gang, which shut down its operations in July before a failed comeback in September, is believed to have orchestrated some of the most damaging attacks of the past 12 months, including those targeting Colonial Pipeline, JBS Foods and U.S. technology firm Kaseya.


Comment: Actually, there's good reason to believe that at least some of the above hacks were actually the work of the CIA: Toshiba hacked by DarkSide, Kaspersky founder suggests CIA may be behind group's Colonial Pipeline attack


The FSB said it seized more than 426 million rubles and €500,000 (about $6 million), as well as $600,000 in cash, and cryptocurrency wallets, computers and 20 high-end cars.

In a statement, the FSB said it conducted the search operation at the request of U.S. authorities, which were notified of their results.


Comment: One can't imagine the US being so cooperative.


The detained members of the ransomware gang were charged under Russian law for the alleged "illegal circulation of means of payment." Russian authorities have not released the names of any of the suspects.

"As a result of joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized," the FSB said in a statement.

News of the FSB's surprise operation comes just two months after the U.S. Department of Justice charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang for orchestrating the July ransomware attack against U.S. technology firm Kaseya. Seven other REvil gang members were also arrested throughout 2021 following operations coordinated by Europol. In July, President Biden urged Russia to follow suit, pressuring Russian President Vladimir Putin to take action to disrupt these criminal gangs.

The action taken by the FSB also comes just hours after a major cyberattack took down government websites in Ukraine on Friday, including websites for the foreign ministry, national security and defense council and the government's cabinet of ministers. Officials said it was too early to draw any conclusions but they pointed to a "long record" of Russian cyber assaults against Ukraine.