The Russian Federal Security Service (FSB) has’shut down’ the renowned REvil ransomware ring

The Russian Federal Security Service (FSB) declared on Friday that it has raided and shut down the famed REvil ransomware gang’s activities.

The unusual action, which will surely send a message to other ransomware gangs operating outside the nation, saw Russian officials seize 25 residences in Moscow, St. Petersburg, Leningrad, and Lipetsk that belonged to 14 alleged REvil members.

The gang, which was shut down in July but made a failed return in September, is said to have coordinated some of the most destructive assaults in the last year, including those on Colonial Pipeline, JBS Foods, and US IT company Kaseya.

The FSB said that it took about 426 million rubles and €500,000 (around 6 million), as well as 600,000 in cash, cryptocurrency wallets, laptops, and 20 high-end automobiles.

The FSB stated in a statement that it conducted the search at the request of US officials, who were told of the findings.

The three members of the ransomware ring were charged with “illegal circulation of means of payment” under Russian legislation. The identities of the accused have not been revealed by Russian police.

“The organized criminal community ceased to exist as a consequence of combined activities of the FSB and the Ministry of Internal Affairs of Russia,” the FSB stated in a statement. “The information infrastructure utilized for illegal objectives was neutralized.”

The FSB’s unexpected operation comes barely two months after the US Department of Justice indicted a 22-year-old Ukrainian man with being a member of the REvil ransomware gang with plotting the July ransomware assault against US IT business Kaseya. Seven more REvil gang members were apprehended during 2021 as part of Europol-coordinated operations. President Biden asked Russia to follow suit in July, putting pressure on Russian President Vladimir Putin to take steps to dismantle these criminal networks.

The FSB’s move also comes only hours after a huge cyberattack on Friday knocked off government websites in Ukraine, including those for the foreign ministry, the national security and defense counsel, and the government’s cabinet of ministers. Officials said it was too early to make any conclusions, but they referred to Russia’s “long record” of cyberattacks on Ukraine.