A bad day in the office for the REvil ransomware gang, as Russia arrests 14 members

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Russia arrests 14 REvil ransomware gang members

While data-wiping malware is hitting the PCs of multiple Ukrainian organisations, Russia has taken the surprising step of arresting 14 members of the REvil ransomware gang.

After years of Russia ignoring demands from other countries to take action against notorious ransomware gangs, it finally appears to have done something… using information supplied to it by the USA.

Russia Arrests Alleged REvil Ransomware Hackers at the Request of U.S.

Russia’s FSB claims that aside from dismantling the ransomware-as-a-service (RAAS) gang also known as Sodinokibi, it has also seized over 426 million rubles (over US $5.5 million), and more than 20 “premium cars”.

In other words, a bad day in the office for REvil which previously plagued the likes of IT service firm Kaseya and its clients, the world’s biggest meat supplier JBS, web hosting provider Managed.com and others.

Sign up to our free newsletter.
Security news, advice, and tips.

Admittedly, it felt like the writing had been on the wall for REvil for some time, after reports last October that computer crime-fighting authorities had managed to hack REvil’s computer network infrastructure, and seized control of at least some of the group’s servers.

But for Russia to arrest REvil’s members and seize its money is a much worse move for the REvil gang than Western law enforcement agencies disrupting its activities.

A White House official told reporters that the arrests were welcomed by the Biden administration, and that “…we understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring.”

I’d be surprised to see Russia to go one step further and extradite the suspects to face trial in the United States (where a $10 million reward has been offered.)

So I wonder why Russia has finally done something now against a notorious ransomware gang? It’s a move which is likely to be welcomed by much of the world, just when Russia is feared to be preparing to invade one of its neighbours – a country which itself has just come under cyber attack.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.