What just happened? Russia’s FSB has arrested members of REvil, a ransomware group responsible for many cyberattacks across the US last year, including the Kaseya attack. During the arrests, the FSB seized millions of dollars in cash and assets.

According to a machine translation of the FSB’s announcement, the Russian agency raided 25 addresses belonging to 14 people. During the raids it seized around 426 million rubles (about $5.6 million), $600,000 USD, 500,000 euros, computers, crypto wallets, and 20 cars. The FSB charged the suspects with “illegal circulation of means of payment.”

The raids took place at the request of US authorities after they reported on a member of the group. That part of the FSB’s announcement may be a reference to Operation GoldDust, in which Romanian police arrested two people linked to REvil last November. In October, German authorities claimed to have identified a REvil member vacationing in the Mediterranean.

Last summer, REvil’s ransomware software was responsible for the cyberattack on business platform Kaseya, which affected hundreds of US businesses. Soon after, President Joe Biden made clear he wanted the Russian government to act on the activities of gangs like REvil that operate from inside Russia. The country has been accused of turning a blind eye to the gangs’ actions as long as they don’t attack anyone inside Russia.

A US official told The Washington Post one person the FSB arrested was involved in the Colonial Pipeline cyberattack, which was claimed by another ransomware group – DarkSide. It’s possible the individual worked for both DarkSide and REvil.

The FSB’s announcement comes around the same time that Ukrainian government servers were attacked. No one has claimed responsibility for the cyberattack, but it occurred amidst fears of a Russian invasion of Ukraine, which the Ukrainian government suspects would begin with cyberattacks on the country’s infrastructure. Over 100,000 Russian troops are currently massed near the Ukrainian border.
