Russian Authorities Say They’ve Dismantled REvil Ransomware Group at US Request

The FSB raided 25 residences, seizing approximately $6.8 million in various currencies including cryptocurrencies.

Jan 18, 2022 at 7:52 p.m. UTC
Updated Jan 26, 2022 at 4:29 a.m. UTC

Cheyenne Ligon is a CoinDesk news reporter with a focus on crypto regulation and policy. She has no significant crypto holdings.

Russia’s top domestic intelligence agency says REvil – the Russia-based ransomware gang tied to the Colonial Pipeline attack – has “ceased to exist” after the agency arrested 14 alleged members of the criminal organization last week.

The Federal Security Service (FSB) raided 25 residences tied to REvil, seizing approximately $6.8 million in various currencies – including cryptocurrencies. The FSB also seized computer equipment, crypto wallets “that were used to perpetrate crimes” and 20 luxury cars, according to a Jan. 14 press release.

The FSB said the arrests were carried out at the request of “US authorities.”

U.S. President Joe Biden has been pressing Russian authorities to act against REvil and other Russian cyber criminals since last summer, when REvil demanded $70 million in bitcoin payments after hacking Miami-based software provider Kaseya. Russia has been slow to take action. Last week’s arrests are the first time – at least publicly – that Russian authorities have acted against one of the many ransomware groups based in Russia.

It is also the first time in years that U.S. and Russian intelligence agencies teamed up on a cyber crime operation. A few observers of U.S.-Russian relations have highlighted that the timing of the arrests coincides with Russia’s escalating efforts to invade Ukraine.

A White House official speaking on the condition of anonymity told reporters last Friday that the U.S. did not consider the arrests to be related to the ongoing events in Ukraine.

Russia’s motives for tackling REvil aside, the arrests are part of an uptick in global collaboration against ransomware gangs. Last year, Romanian, Kuwaiti and South Korean authorities independently arrested suspected members of REvil-affiliated hacking groups.

The momentum has continued into this year.

On Jan. 17, Europol announced that it had seized 15 servers belonging to VPNLab.net, a virtual private network provider that catered to cyber criminals and ransomware gangs, rendering the company’s virtual private network (VPN) services inoperable.

UPDATE (January 25, 2022, 4:26 UTC): Updates information that REvil demanded $70 million in ransom.

The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Cheyenne Ligon is a CoinDesk news reporter with a focus on crypto regulation and policy. She has no significant crypto holdings.

CoinDesk - Unknown

Cheyenne Ligon is a CoinDesk news reporter with a focus on crypto regulation and policy. She has no significant crypto holdings.

Trending

1
CoinDesk - Unknown
The Curious Case of Coinbase's India Communications Strategy

Reverberations remain from the company's ill-fated Indian launch.

Reverberations remain from the company's ill-fated Indian launch.

CoinDesk - Unknown
2
CoinDesk - Unknown
First Mover Asia: Crypto Carbon Trading Is Racing to Clean Up Its Act; Cryptos Drop Even as Stocks Rise

Carbon credit protocols have had a difficult time in recent months but have been working to improve the way they operate; bitcoin outperformed other major cryptocurrencies in Thursday trading.

Carbon credit protocols have had a difficult time in recent months but have been working to improve the way they operate; bitcoin outperformed other major cryptocurrencies in Thursday trading.

CoinDesk - Unknown
3
CoinDesk - Unknown
Terra Devs Need a Home. Other Blockchains Are Courting Them

Armed with multimillion-dollar ecosystem funds, chains like Polygon and Kadena are trying to woo coders whose work is endangered by Terra’s meltdown.

Armed with multimillion-dollar ecosystem funds, chains like Polygon and Kadena are trying to woo coders whose work is endangered by Terra’s meltdown.

CoinDesk - Unknown
4
CoinDesk - Unknown
Circle Recommends Against a Digital Dollar, and Ethereum Beacon Chain Suffers Longest ‘Reorg’ in Years

The most valuable crypto stories for Thursday, May 26, 2022.

The most valuable crypto stories for Thursday, May 26, 2022.

CoinDesk - Unknown