The Federal Security Service (FSB)—Russia’s domestic intelligence service—has said it has dismantled the REvil ransomware group at the request of the United States. The FSB reportedly conducted an operation that detained and charged several of the group’s members.
One day later, a court in Moscow also detained six individuals described as suspected members of the group.
What is REvil?
REvil is a Russia-based hacker group responsible for several ransomware attacks in which it demanded payment in cryptocurrency.
Last June, the group orchestrated a ransomware attack against JBS, a meat supplier that processes about 20% of America’s meat supply. The company eventually paid $11 million to the hackers.
One month later, REvil demanded $70 million in Bitcoin after attacking at least 200 U.S. companies. The group broke into the Miami-based IT firm Kaseya’s systems, using them to access and paralyze over a million systems.
“If anyone wants to negotiate about universal decryptor—our price is $70 million in Bitcoin,” the group said at the time.
Also during the summer, the U.S. government set up a ransomware task force to combat cyberattacks and trace cryptocurrency ransom payments. At the same time, President Biden warned Russia to act on the illicit ransomware activity coming from within its borders.
is perfectly reasonable. This essentially is a feather in their cap, and you could definitely take a cynical view of it and think that it’s all signaling,” John Hultquist of security firm Mandiant told WIRED.