On January 14, 2022, the FSB, Russia's domestic security service, announced that it had dismantled the REvil hacking and ransomware crime group at the request of the US government. Together with the Russian police, the FSB searched 25 addresses, detained 14 people, and seized assets including 426 million rubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars.

[Image: REvil malware warning. Photo credit: Malwarebytes]

The United States government has long been pressing Russia to crack down on ransomware groups operating within its borders, because no extradition treaty is in place between the two countries. US agencies became especially adamant about the REvil group after the FBI linked two major cyber attacks in May 2021 to it: the Colonial Pipeline shutdown and the JBS USA attack. In November 2021, the United States even offered a reward of up to $10 million for information leading to the identification or location of anyone holding a key position in the REvil group.

In the Colonial Pipeline attack, the attackers stole 100 gigabytes of data within two hours, obtained the personal information of over 6,000 individuals from Colonial Pipeline, and infected the IT network with ransomware. As a result of the cyber attack, 5,500 miles of the Colonial Pipeline were shut down for about five days, causing major fuel shortages. In the JBS USA attack, JBS paid $11 million in bitcoin to REvil and shut down its North American plants for two days, causing the national meat supply chain to take a hit.

A senior administration official from the United States announced that one of the individuals arrested was responsible for the Colonial Pipeline attack. According to the FSB, the REvil group members could face up to seven years in prison.

The dismantling of REvil could mark a new beginning in the world of cybersecurity and ransomware groups. Considering that cyber crimes have increased by 300% since the start of the pandemic, this could not have come at a better time.