Sanctionseverity: High2022-01-14
Russia's FSB announces arrest of 14 REvil members at U.S. request
published by Federal Security Service of the Russian Federation
Actor
Russian ransomware-as-a-service operation derived from GandCrab in April 2019. Conducted the 2021 Kaseya VSA supply-chain compromise (~1,500 downstream victims via 60 MSPs), the JBS Foods $11M ransom…
Summary
Russia's Federal Security Service announced raids across 25 addresses, the arrest of 14 individuals identified as REvil members, and the seizure of 426 million roubles, $600,000, €500,000, cryptocurrency wallets, 20 luxury vehicles, and computer hardware. The FSB stated the action was taken at the request of the U.S. government — the first and last such public ransomware-takedown cooperation. Russia subsequently withdrew the cases after the February 2022 invasion of Ukraine.
Tags
takedownransomwarerussiaarrest