Russia Arrests 14 members of Top Ransomware Gang in the World

On Friday the 14th January 2022, Russia’s Federal Security Service (FSB) arrested 14 alleged gang members of one of the top ransomware gangs in the world, REvil. According to the FSB, REvil has now “ceased to exist.”

The Russian authority said that they had carried out raids on 25 addresses in and around Moscow which led to the seizure of more than 426 million roubles (£4m), including cryptocurrency and 20 luxury cars. 

The REvil hackers have been charged with "illegal circulation of means of payment," and could face up to seven years in prison.

Over the past year, the ransomware group has been publicly active, attacking well-known Western corporations such as American beef supplier JBS, software management company Kaseya and Florida-based space and weapon-launch technology contractor HX5.

The arrest follows the shutdown of the gang’s ransomware-as-a-service operation on October 21st 2021, when the FBI and multi-country intelligence agencies hacked the group’s Tor payment portal and Happy Blog leak site.

Alexandru Cosoi, chief security strategist at Bitdefender Inc., commented that “It’s very surprising that the Russians started to play ball in the ransomware fight,” underscoring how rarely Russian law enforcement acts against cyber crime.

Russia’s FSB stated that the arrests were due to an appeal made by the US, marking a rare occurrence of cybersecurity cooperation between the countries.

According to John Bambenek, principal threat hunter at cybersecurity firm Netenrich Inc., “The effect that this will have on the scale of ransomware attacks moving forward will depend on if this is a one-off, or if more arrests happen. One arrest a month for a few months, then all of these guys will start to re-evaluate their life choices.”

Although this is a step in the right direction, it is difficult to predict whether this will be the end of REvil, with past arrests of such gangs often leading to their reformation under new names.

Ransomware attacks in the UK have doubled in a year, says GCHQ boss Jeremy Fleming, with the NCSC adding that ransomware attacks originating from Russia are dominating its activities.

This fight against ransomware from the Russian authority offers some hope that attacks will lessen. However, in comparison to the scale of attacks that we have seen in recent times, there is still a long way to go for us to have full confidence in Russia's control over the Western-targeted ransomware that is occurring in its region.

How Can You Prevent Ransomware

Ransomware attacks can occur through many different methods, with the cyber criminal probing your infrastructure for vulnerabilities until they successfully infiltrate it. One thing that is always the case in ransomware, however, is that the attacker uses malware to commit the offence. There are a number of steps that you can follow to protect against malware, spanning email security, web security and cloud security.

A leading partner solution of ours offers an integrated solution that autonomously responds to Spam, Phishing, Malware and Ransomware. Their platform integrates attack intel across email, web, and cloud whilst reducing complexity and cost.
