The fall of REvil - Russia raids members of the infamous hacking group

revil_arrest_thumbnail

On the 14th of January, Russian authorities cracked down on an multiple individuals believed to be behind the REvil group. The infamous hacking group is responsible for multiple, major attacks against companies based in the US. According to a high-ranked official in the Biden administration the crackdown was led by the FSB.

About REvil

The REvil hacking group has been around for a while now. It first came into the spotlight back in 2018, when it was known as 'Sodinokibi'. They came into the spotlight after developing the popular GandCrab malware. Since then, the group has been responsible for many cyber-attacks across the world. In 2020, REvil was called the most dangerous hacking group in existence.

The most notable attacks committed by the threat-actors include 2 US based companies. The meat supplier JBS was affected by the group, while being held at ransom for 11 million dollars. The most notable attack was on the IT company Kaseya through which they tried to squeeze over 70 million dollars. The Kaseya attack also affected over 1,500 smaller businesses using their solutions. After these major attacks, the group went silent.

The arrests

According to multiple news outlets, the FSB raided the homes of 14 individuals believed to be part of the infamous hacking group. The FSB is the Russian equivalent of the FBI back in the US. The arrests mainly took place in Moscow and Saints Petersburg, but also a few other cities. The FSB also seized over 6.8 million euros that was kept in all sorts of currencies including dollars and rubles. Cryptocurrency wallets, and 20 luxury vehicles were also seized.

US officials were very pleased with the arrests as there have been negotiation with Russia to step up crackdowns for months. The Biden administration official said that the arrests are "welcomed". He also expressed his wishes to trial the threat actors in the US justice system. This is very unlikely as tensions between Russia and the US are really high. The US and Russia also lack an extradition treaty making this possibility even less likely.

Political Motivation

Some sources claim that the recent arrests have been made due to political reasons. It was reported that this was done to show the US that Russia can cooperate with them if the US cooperates. This is related to the latest situation in Ukraine, as some claim that Russia is trying to show that they can be cooperative if the US stays out of Ukraine.

Conclusion

The REvil hacking group has been the most infamous hacking group for years. It was expected that arrests were going to take place sometime soon after all the major hacks. After getting too much exposure the group seemed to have gone silent, but that did not help. Some suspect that Russian authorities have not been whiling to arrest the individuals for political reasons, but this is unclear. There is a large possibility that the FSB just took as long as it did to locate the members behind the group.

Comment

Captcha