Jan 18 — On Friday, Russian authorities announced that they had disrupted the REvil ransomware gang’s activities. Fourteen of the group’s members were arrested, and the group’s overall operations could not continue. The takedown occurred at the behest of the US government, which aimed to prevent repeats of past, large-scale cyber security issues caused by REvil.
According to Russia’s Federal Security Service, or FSB, operatives seized millions in cash, luxury cars, and cryptocurrency wallets during the raids. Russian media outlet TASS later published a partial video of the bust.
What is REvil?
The REvil ransomware gang gained notoriety for high-profile cyber security breaches, including those associated with the Kaseya and JBS Foods attacks of last year. REvil attacks have been so disruptive to the US economy and society at large that the US government has previously posted rewards of up to $10 million for information leading to the arrest of senior REvil leaders. Authorities in Poland and Romania have also pursued REvil associates, arresting several suspected members of the group between August and November of 2021.
Ransomware gang rebrands
One of the challenges facing law enforcement is that ransomware groups commonly disappear, only to pop back up under another name at a later point in time. For example, after the Kaseya ransomware attack, REvil ‘went dark’ and experts anticipated that the group would continue operations under another alias.
Broadly speaking, ransomware attacks have become one of the largest cyber security issues facing organizations. Nearly every economic sector has witnessed ransomware-related disruptions. The “biggest ransomware attack ever” affected 1,500 businesses simultaneously, and experts warn that others like it could emerge.