Russia arrests members of notorious ransomware gang


The Biden administration praised the Kremlin for detaining members of a notorious ransomware gang at the request of the U.S. in a sweeping operation across Russia.

Law enforcement raided the homes of 14 members of the gang REvil and seized nearly $7 million, cryptowallets and 20 luxury cars, according to a statement released Friday by Russia's Federal Security Service. The U.S. authorities were informed that the group was shut down, it said.

One of the most prolific cybergangs, REvil was accused of leading a flurry of attacks last year against companies and organizations, including one last May on meatpacker JBS SA's plants in North America and Australia; JBS eventually paid $11 million in ransom.

In a call with reporters Friday, a senior administration official said the U.S. welcomed the actions taken by the Kremlin. An experts group on ransomware was set up in June, and the two sides have been sharing information, including on attacks against American critical infrastructure, the official said.

One of the individuals arrested was responsible for the May hack of Colonial Pipeline Co., the official said. That attack caused panic on the U.S. East Coast and prompted a major U.S. government response.

The arrests are a rare example of cooperation between Russia and the U.S. at a time when tensions are high over a mass buildup of Russian troops near the border with Ukraine. People familiar with the discussions said that the U.S. is pressing Europe to agree on possible sanctions, based on concerns that President Vladimir Putin could soon invade Ukraine. Russia says it has no plans to invade its neighbor.

The arrests came as Ukraine suffered its worst cyberattack in four years, which hit dozens of government websites. Ukraine has accused Russia of waging major cyberattacks against its digital infrastructure, but it is not yet clear who was behind the recent intrusions.

The senior administration official said they didn't believe the arrests were related to the events in Ukraine and that the White House would impose severe costs on Russia if it invades. In response to a question, the official said the White House expects the suspects to be prosecuted.

REvil was one of the most successful cyber gangs to conduct what is known as ransomware as a service. In the majority of cases, affiliates of REvil would break into companies, while the REvil gang provided the encryption software and customer support for a portion of the illicit proceeds.

A total of $200 million in ransom payments, paid in the cryptocurrencies Bitcoin and Monero, has been received by REvil, according to the U.S. Treasury Department.

Brett Callow, a threat analyst at the cybersecurity company Emsisoft, said REvil "were probably the most brash and attention-seeking of the ransomware gangs. I suspect that the threat actors who acted as affiliates or were associated with the gang will be very concerned at this point."

REvil, also known as Sodinokibi, was accused of ransomware attacks on more than 20 Texas municipalities, along with the computer giant Acer Inc. and software provider Kaseya. The attack on Colonial Pipeline was linked to the DarkSide ransomware group, though cybersecurity experts said there was overlap between that group and REvil.

Russia-linked ransomware groups were so disruptive that President Joe Biden pressed Putin to act during a call in July. REvil vanished from the dark web for nearly two months before reappearing in September.

The suspects won't be extradited to the U.S., Russia's Interfax news service reported, citing an unidentified person familiar with the case. The U.S. doesn't have an extradition treaty with Russia.

The Biden administration has called it a priority to curb cyberattacks, particularly against critical infrastructure in the U.S. The U.S. and other nations have taken a series of disruptive actions against ransomware operators, including the recovery of stolen funds and actions against cryptocurrency exchanges that have allegedly allowed the laundering of illicit funds.

Charles Carmakal, senior vice president at the cybersecurity firm Mandiant, said 2021 "may have been the worst year from a cyberthreat perspective, but we had more notable wins by the good guys than in any previous year."