Wednesday, October 4

Russia takes down REvil, one of the largest ransomware hacker groups

The Russian Federal Security Service (FSB) confirmed the dismantling of REvil, one of the largest cybercriminal and hacker organizations on record.

The announcement was made on January 14 through a press release published by the agency. The text details that, in a joint operation with the Russian Ministry of Internal Affairs, members of this gang were located and arrested in cities including Moscow, Saint Petersburg and Lipetsk.

The same statement details that the tracking was carried out in collaboration with United States security agencies, which reported the hackers' locations. The gang was behind several attacks, among them one on the whiskey maker Jack Daniel's: in August 2020, the cybercriminals claimed to have stolen more than 1 TB of sensitive company information.

The press release states that at the time of the arrests about USD 600,000 in assets was seized, including cryptocurrency (the exact amount is not detailed). The gang claimed to have made over USD 100 million from ransomware attacks in 2020 alone.

According to the FSB, the arrest of these individuals confirms the gang's dismantling.

According to the FSB press release, US authorities were informed of the arrests. Source: FSB.

Last November, CriptoNoticias reported that one of the criminal leaders of REvil was captured and brought to justice in Russia, and his extradition to the United States was requested.

A curious detail in the report is that the detainees are charged with “illegal circulation of means of payment”, which is taken to refer to the hackers' possession of bitcoin and other cryptocurrencies, treated as illegal. This may be related to reports that the Russian Central Bank is seeking to ban the use of Bitcoin in the country.

Bitcoin and monero, REvil’s preferred cryptocurrencies

Before it was taken down, REvil collected ransoms from its victims in bitcoin and monero. The sums demanded reached as much as USD 50 million, as in the attack on Acer.

In another attack, on the Miami-based company Kaseya, which provides IT consulting to more than 200 companies, the figure exceeded USD 70 million. The REvil hackers demanded a payment of more than 2,000 BTC, prompting the US president to intervene and order an investigation.

According to some reports, losses from ransomware attacks in 2021 exceeded 60,000 BTC. REvil was among the groups that caused the most damage, with losses from its attacks rising above USD 10 million.

Russia and the United States in the midst of tensions

Russia and the United States are currently in a period of high tension, because Ukraine (a US ally) has signaled that it could be invaded by Russia. In response, the United States has warned that, in such a scenario, Russia would suffer serious consequences.

Although the takedown of REvil suggests a picture of collaboration between the two countries' agencies, the United States has previously accused Russia of “covering up” for the cybercriminals behind ransomware attacks, implying that the Russian government could have links to REvil.

One consequence of these actions fell on Suex, a Russian cryptocurrency exchange (not linked to the Russian government), which was accused of participating in money laundering for cybercriminal groups. Suex had all of its assets in US jurisdictions frozen.

Since the last G7 meeting, held last July without Russia present, the United States has called for joining forces against ransomware attacks, of which the North American country is one of the main victims.