The Federal Security Service (FSB)—Russia’s domestic intelligence service—has said it has dismantled the REvil ransomware group at the request of the United States. The FSB reportedly conducted an operation that detained and charged several of the group’s members. 

One day later, a court in Moscow also detained six individuals described as suspected members of the group. 

What is REvil?

REvil is a Russia-based hacker group responsible for several ransomware attacks in which it demanded payment in cryptocurrency.

Last June, the group orchestrated a ransomware attack against JBS, a meat supplier that processes about 20% of America’s meat supply. The company eventually paid $11 million to the hackers. 

One month later, REvil demanded $70 million in Bitcoin after attacking at least 200 U.S. companies. The group broke into the Miami-based IT firm Kaseya’s systems, using them to access and paralyze over a million systems. 

“If anyone wants to negotiate about universal decryptor—our price is $70 million in Bitcoin,” the group said at the time. 

The ransomware group appeared to go dark in the weeks after the Kaseya attack, but in October, REvil hackers placed $1 million worth of Bitcoin on a public Russian hacker forum as part of an online “recruitment flex.” 

The strategy was part of the group’s hunt for teams that had “experience and skills” in various hacking-relevant fields, including penetration testing. 

REvil, Russia, and the United States

REvil’s ransomware activity against American entities has even prompted the Biden administration to focus on combating the threat of these kinds of attacks. 

The Biden administration has been so concerned about the threat presented by ransomware that it was elevated to a similar priority level as terrorism last summer. 

Also, during the summer, the U.S. government set up a ransomware task force tasked with combating cyberattacks and tracing cryptocurrency ransom payments. At the same time, President Biden warned Russia to act on the illicit ransomware activity coming from within its borders.

Ransomware attacks have risen 900% since the pandemic started. Image: Shutterstock

US Establishes Ransomware Task Force, Considers $10 Million Bounties

The White House has a dedicated ransomware task force that would focus on combating cyberattacks and double down on tracing cryptocurrency transactions involved in them, sources told Bloomberg today. Per the report, the topic was discussed during a virtual briefing with members of Congress yesterday. As part of the planned effort, the new unit will analyze and trace crypto transfers that affected companies and institutions have sent—or will send—to perpetrators of ransomware attacks. Biden Warns...

NewsBusiness
2 min read
Liam Frost
is perfectly reasonable. This essentially is a feather in their cap, and you could definitely take a cynical view of it and think that it’s all signaling,” John Hultquist of security firm Mandiant told WIRED.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.