FSB arrests REvil ransomware gang members

The Russian Federal Security Service (FSB) said today that it has raided and shut down the operations of the REvil ransomware gang.

Raids were conducted today at 25 residents owned by 14 members suspected to be part of the REvil team across Moscow, St. Petersburg, Leningrad, and the Lipetsk regions.

Authorities said they seized more than 426 million rubles, $600,000, and €500,000 in cash, along with cryptocurrency wallets, computers, and 20 expensive cars.

"The detained members of the [organized criminal structure] were charged with committing crimes under Part 2 of Art. 187 'Illegal circulation of means of payment' of the Criminal Code of Russia," the FSB said in a press release today.

The FSB, which serves as Russia's internal intelligence agency, said it conducted its operation at the request of US authorities, which were notified of their results.

The raid comes after President Biden and US authorities have pressured Russian President Vladimir Putin repeatedly over the summer to crack down on the Russian underground cybercrime ecosystem, which harbors many of today's top ransomware crews.

Kaseya attack aftermath

The REvil gang was one of the most active ransomware crews last year, being responsible for the attack against JBS Foods, which impacted the meat supply across the US and Australia in May, and the attack on IT provider Kaseya during the 4th of July weekend.

After US authorities started pressuring Russian officials, the REvil gang shuttered operations in July but then attempted a comeback in September before having some of their dark web servers seized by US authorities and disappearing from the criminal underground for good.

Besides the arrests in Russia today, seven other REvil gang members were also arrested throughout 2021, following operations coordinated by the FBI and Europol, many as retaliation for the group's ever-increasing number of attacks.

The FSB has not released the names of any of the suspects detained today, although, after this article went live, Russian news outlet RBC identified one of the suspects as Roman Muromsky, and TASS identified a second member as Andrei Bessonov.

"Representatives of the competent US authorities were informed about the results of the operation," the FSB added today, highlighting their rare collaboration with US authorities. The suspects aren't likely to face charges in the US as the Russian government doesn't have a legal mechanism to extradite its own citizens.

Article updated with link to RBC and TASS coverage identifying some of the hackers.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.