The Russian Federal Security Service (FSB) announced on Friday that it has raided and shut down the operations of the notorious REvil ransomware gang.
The unprecedented move — which will undoubtedly send a message to other ransomware groups operating out of the country — saw the Russian authorities conduct raids at 25 addresses across the Moscow, St. Petersburg and Lipetsk regions that belonged to 14 suspected members of REvil.
The gang, which shut down its operations in July before a failed comeback in September, is believed to have orchestrated some of the most damaging attacks of the past 12 months, including those targeting Colonial Pipeline, JBS Foods and U.S. technology firm Kaseya.
The FSB said it seized more than 426 million rubles and €500,000 (about $6 million), as well as $600,000 in cash, and cryptocurrency wallets, computers and 20 high-end cars.
In a statement, the FSB said it conducted the search operation at the request of U.S. authorities, which were notified of their results.
The detained members of the ransomware gang were charged under Russian law for the alleged “illegal circulation of means of payment.” Russian authorities have not released the names of any of the suspects.
“As a result of joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized,” the FSB said in a statement.
News of the FSB’s surprise operation comes just two months after the U.S. Department of Justice charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang for orchestrating the July ransomware attack against U.S. technology firm Kaseya. Seven other REvil gang members were also arrested throughout 2021 following operations coordinated by Europol. In July, President Biden urged Russia to follow suit, pressuring Russian President Vladimir Putin to take action to disrupt these criminal gangs.
The action taken by the FSB also comes just hours after a major cyberattack took down government websites in Ukraine on Friday, including websites for the foreign ministry, national security and defense council and the government’s cabinet of ministers. Officials said it was too early to draw any conclusions but they pointed to a “long record” of Russian cyber assaults against Ukraine.
As your business grows, safeguarding the applications and systems it relies on involves a unique approach that balances accessibility with cybersecurity. At Raptor IT Consultants, our mission is to establish a foundation for your network resources that empowers users to work efficiently, while offering scalable, managed IT services that complement any business model; affordably. #raptoritnetwork