The Russian Federal Security Service (FSB) announced on Friday that it raided and shut down the operations of the notorious REvil ransomware gang.
The unprecedented move – which will no doubt send a message to other ransomware groups operating outside the country – saw Russian authorities raid 25 addresses in the Moscow, St Petersburg, Leningrad and Lipetsk regions, which belonged to 14 alleged members of REvil.
The gang, which ended its activities in July before a failed return in September, is said to have orchestrated some of the most devastating attacks of the past 12 months, including those targeting Colonial Pipeline, JBS Foods and US technology company Kaseya.
The FSB said it seized more than 426 million rubles and 500,000 euros (about $6 million), along with $600,000 in cash, cryptocurrency wallets, computers and 20 high-end cars.
In a statement, the FSB said it carried out the search operation at the request of US authorities, who were informed of the results.
The detained members of the ransomware gang have been charged under Russian law for the alleged “illegal circulation of means of payment”. Russian authorities have not released the names of any of the suspects.
“As a result of joint actions of the FSB and the Russian Interior Ministry, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized,” the FSB said in a statement.
News of the surprise FSB operation comes just two months after the US Justice Department indicted a 22-year-old Ukrainian citizen linked to the REvil ransomware gang for orchestrating the July ransomware attack on the American tech company Kaseya. Seven other members of the REvil gang were also arrested throughout 2021 following operations coordinated by Europol. In July, President Biden urged Russia to follow suit, pressuring Russian President Vladimir Putin to take action to disrupt these criminal gangs.
The FSB action also comes just hours after a major cyberattack on Friday took down government websites in Ukraine, including websites of the Ministry of Foreign Affairs, the National Security and Defense Council and the cabinet of government ministers. Officials said it was too early to draw conclusions, but pointed to a “long record” of Russian cyberattacks against Ukraine.