[TheRecord] FSB raids REvil ransomware gang members

The Russian Federal Security Service (FSB) said today that it has raided and shut down the operations of the REvil ransomware gang.

Raids were conducted today at 25 residences owned by 14 members suspected to be part of the REvil team across Moscow, St. Petersburg, Leningrad, and the Lipetsk regions.

Authorities said they seized more than 426 million rubles, $600,000, and €500,000 in cash, along with cryptocurrency wallets, computers, and 20 expensive cars.

“The detained members of the [organized criminal structure] were charged with committing crimes under Part 2 of Art. 187 ‘Illegal circulation of means of payment’ of the Criminal Code of Russia,” the FSB said in a press release today.

The FSB, which serves as Russia’s internal intelligence agency, said it conducted its operation at the request of US authorities, which were notified of the results.

The raid comes after President Biden and US authorities repeatedly pressured Russian President Vladimir Putin over the summer to crack down on the Russian underground cybercrime ecosystem, which harbors many of today’s top ransomware crews.

The REvil gang was one of the most active ransomware crews last year, being responsible for the attack against JBS Foods, which impacted the meat supply across the US and Australia in May, and the attack on IT provider Kaseya during the 4th of July weekend.

After US authorities started pressuring Russian officials, the REvil gang shuttered operations in July but then attempted a comeback in September before having their servers seized by US law enforcement.

Seven other REvil gang members were also arrested throughout 2021, following operations coordinated by Europol.

The FSB has not released the names of any REvil members.

“Representatives of the competent US authorities were informed about the results of the operation,” the agency said today.

Developing story. Updates to follow.

The post FSB raids REvil ransomware gang members appeared first on The Record by Recorded Future.
