Russia Says It Dismantled Hacking Group REvil At US Request
Moscow says it cracked down on the ransomware cybercriminal group suspected of attacks on US companies, at the behest of Washington.
Russia dismantled the REvil ransomware criminal group at the request of the United States in an operation during which it detained and charged the group’s members, according to Russia’s Federal Security Service (FSB), the country’s domestic intelligence service.
The FSB said in a statement on Friday that it had “cracked down on the illegal activities” of members of the group during searches at 25 addresses, in which 14 people were detained.
The arrests were a rare apparent display of US-Russian collaboration at a time of high tension between the two over Ukraine.
The announcement came as Ukraine responded to a massive cyberattack that shut down government websites, although there was no indication the incidents were linked.
A senior administration official, who wished to remain anonymous, told Reuters: “We understand that one of those arrested today was responsible for the attack on Colonial Pipeline last spring.”
A May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast used encryption software called DarkSide, which was developed by REvil associates.
A US official quoted by AFP news agency also welcomed the arrests, saying: “I want to be very clear – in our minds, this has nothing to do with what is happening with Russia and Ukraine.
“I’m not talking about the Kremlin’s motives, but we are satisfied with these first actions,” she said on condition of anonymity.
“We have also been very clear – if Russia further invades Ukraine … we will impose a heavy cost on Russia in coordination with our allies.”
The FSB listed REvil’s assets it had seized, including 426 million rubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.
A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months.
Two people familiar with Muromsky told Reuters news agency that he was a web developer who helped them build websites for their businesses.
No official US comment
Russia directly informed Washington of the action it had taken against the group, the FSB said. The US Embassy in Moscow said it could not comment immediately.
“The investigative measures were based on a request from the … United States,” the FSB said. “…The organized criminal association has ceased to exist and the IT infrastructure used for criminal purposes has been neutralized.”
The REN television channel broadcast footage of officers raiding houses and arresting people, pinning them to the ground and seizing large piles of dollars and Russian rubles.
The members of the group have been charged and face up to seven years in prison, the FSB said.
A source familiar with the matter told Russian news agency Interfax that members of the group with Russian nationality would not be handed over to the United States.
The United States said in November it was offering a reward of up to $10 million for information that could identify or locate anyone in a key position in the REvil group.
The country has been hit by a series of high-profile hacks by cybercriminals seeking ransom. A source with direct knowledge of the case told Reuters in June that REvil was suspected of a ransomware attack against the world’s largest meatpacking company, JBS SA.
Washington has repeatedly accused the Russian state of malicious activity on the internet, which Moscow denies. REvil has not been associated with any major attack for months.
Muromsky, who was apprehended in Friday’s raids, is in his 30s and was born in Anapa, southern Russia, one of his clients told Reuters. “He worked like a normal programmer.”
Another client, Adam Guzuyev, described Muromsky as “a normal worker” who was unable to install all the features Guzuyev wanted on his website.
“He didn’t earn more than 60,000 rubles. I can’t say he has genius abilities,” he said.