Billionaire & most dangerous hacker group finally arrested

Russian authorities claim to have shut down the operations of the REvil ransomware group, after the U.S. government sent them a detailed report on their alleged leader. Russia arrested a total of 12 members of the cybercriminal group, after deploying a total of 25 raids in different locations.

In addition to the arrests, authorities managed to seize nearly 426 million rubles, more than $1 million USD in cash, computer devices, cryptocurrency addresses and 20 luxury cars, purchased with the money obtained from the ransoms.

In its report, the Federal Security Service (FSB) mentions that it was able to identify all members of the REvil gang, document their illegal activities and prove their participation in these illegal practices. In addition to the ransomware operation, REvil also participated in the theft of multiple bank accounts in different countries. Authorities informed U.S. government representatives of the results of the operation.

REvil, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) operation active since 2019 and emerged as a variant of the GandCrab ransomware. Less than a year after its launch, REvil became the most dangerous ransomware group in the world, attacking mainly in the U.S.

During its most important period of activity, the group obtained profits of more than $100 million USD. One of the most devastating attacks deployed by this group was Kaseya, which ended up impacting more than 1,500 companies around the world. At the time, the hackers demanded a ransom of more than $70 million USD.

Since then, U.S. President Joe Biden has called on Vladimir Putin’s administration to take action against ransomware groups, most of them operating from Russia. This operation was also the first to have a representative with the name of UNKN forum and then change to Unknown, who promoted this project among the Russian-speaking hacker community.

This police operation comes after U.S. and international law enforcement organizations teamed up to identify and arrest members of ransomware operations. As a result, the U.S. announced the arrest of a REvil ransomware affiliate, primarily responsible for the Kaseya attack, seizing some $6 million from the cybercriminal group.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.