Russian Police Shut Down REvil Ransomware Group

Following US requests for immediate and decisive action, Russian authorities have stepped in and have reportedly shut down the notorious REvil ransomware gang.

The Russian FSB, the country's federal security service, raided as many as 25 different locations across the country, in the capital city of Moscow as well as in St. Petersburg and the smaller city of Lipetsk.

FSB Seizes Assets Worth Millions of Dollars

The raid culminated with the FSB seizing assets and property worth a total of around $5.6 million. The seized items included half a million in both Euros and US dollars, as well as cryptocurrency and a stunning 20 luxury cars.

According to Russian reports, the operation also led to the arrest of 14 individuals. The highlight of the arrest is probably the person who was responsible for the Colonial Pipeline attack. White House reporter Ellen Nakashima stated that she received information from a US official, confirming the person who orchestrated the crippling Colonial Pipeline attack was seen on video footage released on Russian media.

Eight of the arrested individuals were charged by a Russian court on Saturday, Jan 15, for illegal circulation of payment methods.

As stated by Russian authorities, the REvil gang's IT infrastructure has been seized and "neutralized" as well.

The actions of the Russian FSB took place just a few days after the White House and the Kremlin had another phone call concerning cybersecurity and attacks carried out against US entities. There has been tension surrounding this subject ever since the May 2021 attack on Colonial Pipeline's networks that led to a crippling liquid fuel shortage in a large part of the US east coast.

Who was REvil?

REvil was one of the biggest threat actors on the ransomware landscape in recent years, even though the group realized it bit off more than it could chew with Colonial Pipeline. Shortly after the attack on Colonial, REvil seemed to lay low and pretended to shut down operations entirely. Later on, new ransomware gangs appeared and researchers considered them offshoots of the REvil group.

Before what seems like the ultimate end for REvil, the gang's infrastructure was taken down by a joint effort in the autumn of 2021. A month later, in November 2021, several alleged REvil members were arrested.