According to the FSB, Russia’s Federal Security Bureau (ФСБ), the ransomware gang known in both Russian and English by the nickname “REvil” has been taken down:
ФСБ России установлен полный состав преступного сообщества «REvil»
The Russian FSB has identified the entire criminal enterprise known as “REvil”
In our zest to tell you what we’re told happened, we’re admittedly relying on automated translation of the report, but as far as we can tell, the FSB claims that the investigation has led to:
- Police raids on 25 addresses in at least Moscow, St Petersburg, Moscow, Leningrad and Lipetsk.
- Numerous arrests. Up to 14 individuals were implicated, but the report doesn’t say how many were actually taken into custody.
- More than US$5,000,000 confiscated in the form of rubles and cryptocoins.
- US$600,000 and EUR500,000 seized in cash.
- 20 fancy motors towed away on the grounds that they were “purchased with the proceeds of crime”.
The US connection
The FSB report explicitly mentions that the investigation and the raid were initiated by a request received from US law enforcement, which had apparently identified the REvil ringleader and provided evidence of the gang’s involvement in criminal extortion against US victims.
The FSB also offers a bullish conclusion, claiming that as a result of the raid “this cybergang ceased to exist, and its criminal infrastructure was neutralised”.
We hope that’s true, and that the core of the REvil ransomware-as-a-service operation really is now out of action…
…but the real problem with contemporary cybercrime is that [a] there are many ransomware gangs still operating, albeit now with less impunity than before, and [b] there are many other sorts of cybercrime.
Spammers, scammers, spyware pushers, phishers, password stealers, money launderers, fake support callers, and any number of other cybercrime perpetrators are still out there, and many of these will probably not be affected by this raid at all.
What to do?
So, despite this welcome news:
- Remember that prevention is better than cure.
- Don’t let your guard down.
- Patch early, patch often.
- Encourage your users to report suspicious online activity.
And, while you’re about it, why not read the advice from our latest State of Ransomware report?
2 comments on “REvil ransomware crew allegedly busted in Russia, says FSB”
“The FSB also offers a bullish conclusion, claiming that as a result of the raid “this cybergang ceased to exist, and its criminal infrastructure was neutralised”.
We hope that’s true, and that the core of the REvil ransomware-as-a-service operation really is now out of action…”
The first problem is that we can’t generally trust what the FSB (and state-run media) say, let alone what they actually do.
Assuming we take them at face value, the second problem is how much money and vehicles were *not* confiscated, but ended up in FSB employee and government official pockets and garages? That is money that would/should be going back to the cybercrime victims as part of restitution.
The third problem is being able to trust that 1) all the members WERE actually caught (and specifically the leaders) and 2) they will be extradited or, at minimum, fairly and actually punished by Russia. We know that the FSB has sponsored Russian cybercriminal groups in the past. Do we know ReVil wasn’t in on the action? If they were, do you expect them to actually be punished? Even if they go to trial, should we expect them to serve their sentences or be quickly escorted out the back door and into an unmarked FSB van to assume roles in their cyber-intelligence units?
Assuming that those arrested are Russian citizens, then your specific question about extradition is moot, because IIRC Russia doesn’t extradite its own citizens.
(This is not unusual. As far as I know, many countries follow this principle, including several in the EU, so this is not just “a Russia thing”. US and UK citizens, who share a common legal history and tradition, often find this surprising – in the same sort of way that they are often amazed to learn that many countries don’t have, and never have had, an adversarial criminal legal system, or juries to decide the outcome of criminal trials.)