14 Jan 2022 16:28

FSB says it busted REvil cybergang at U.S. request

MOSCOW. Jan 14 (Interfax) - The members of the REvil cybergang suspected of launching cyberattacks on major United States companies have been indicted in Russia, and the group and its infrastructure have been eliminated, the Russian Federal Security Service (FSB) said.

"The Russian FSB has identified the complete composition of the REvil criminal group and involvement of its members in unlawful circulation of means of payment, and their unlawful activities have been documented," it said.

The search and investigative procedures were conducted based on a request from relevant U.S. agencies, which provided information on the criminal group's leader and his role in interference with information resources of foreign high technology companies through deploying malware, encrypting information, and extorting ransom for its decryption, the FSB said.

A set of coordinated investigative and search procedures led to the seizure of monetary assets at the place of stay of 14 members of the organized criminal group, amounting to over 426 million rubles, including in cryptocurrency, $600,000, and 500,000 euros, as well as computer hardware, cryptocurrency wallets used for committing crimes, and 20 luxury cars bought with proceeds from criminal activities, it said.

"The detained members of the organized criminal group have been indicted for committing crimes covered by Russian Criminal Code Article 187 Part 2 (unlawful circulation of means of payment)," it said.

"As a result of the FSB and the Russian Interior Ministry's joint activities, the organized criminal group has ceased to exist, and the information infrastructure used for criminal purposes has been neutralized," it said.

Representatives of the relevant U.S. agencies have been informed of the operation's results, it said.

According to the FSB's findings, the suspects developed malware, stole money from bank accounts belonging to foreign citizens, and turned it into cash, including through purchasing expensive goods online.

The FSB did not provide the names of those detained.

Earlier reports said U.S.-based company Kaseya was targeted by a massive ransomware attack in July 2021. The attack affected companies directly or indirectly related to Kaseya, which remotely controls the software of its clients providing Internet services to businesses. As was reported, the cyberattack was mounted by REvil, a cybergang supposedly linked to Russia.

U.S. Attorney General Merrick Garland said in November 2021 that Russian citizen Yevgeny Polyanin, believed to be a REvil leader, received about $13 million from victims of his ransomware attacks, yet Washington has managed to recover only $6.1 million.