REvil ransomware gang neutralised by Russia in a first-of-its-kind operation

Ransomware is one of the biggest cyber threats as attacks have grown exponentially in the past few years.

“The organised criminal association (REvil) has ceased to exist, and the information infrastructure used for criminal purposes has been neutralised as a result of joint actions of the Federal Security Service (FSB) of Russia and the Ministry of Internal Affairs,” read the press release by the FSB. A joint operation was carried out in Moscow, St. Petersburg, Leningrad, and Lipetsk regions to suppress illegal activities, the FSB added.

The coordinated search operation resulted in the seizure of nearly 426 million rubles, which includes cryptocurrency, 600,000 dollars, and 500,000 euros, from 25 different residences belonging to 14 REvil members. The authorities also recovered computer equipment, crypto wallets, and 20 premium cars, as per the press release.

The Russian authorities said that the action was taken following an appeal by US authorities, who have been informed about the operation. The 14 members have been charged with committing crimes under Part 2 of Art. 187 “Illegal turnover of means of payment” of the Criminal Code of Russia, the agency said.

Why this matters: It is the first time that the Russian authorities have taken action against one of several ransomware gangs based on its shores. It also demonstrates the value of global collaboration needed to tackle the threat of ransomware.

Why was it important to neutralise REvil?

REvil is the hacker group that’s responsible for cyber attacks against JBS Meat and Colonial Pipeline, among others. The FSB said that it established the full composition of REvil and the involvement of its members in illegal activities. The group developed malicious software to organise theft of funds from bank accounts of foreign citizens in order to implement its plan, the agency added.

Russia has been under tremendous pressure ever since US President Joe Biden pressed the country to act against REvil and other Russian cyber criminals last summer, when REvil targeted Miami-based software provider Kaseya, CoinDesk reported.

Ransomware gangs in crosshairs

The increase in the number of attacks has led to countries ramping up their actions against ransomware gangs. Romanian, Kuwaiti, and South Korean authorities were responsible for the arrest of suspected members of REvil-affiliated hacking groups last year.

REvil was taken offline in a hacking operation by several countries spearheaded by the United States. The agencies involved in the operation include the Federal Bureau of Investigation, US Cyber Command, the Secret Service, and a few countries whose names are not yet known, Reuters reported.

More recently, VPNLab.net was shut down by the European Union Agency for Law Enforcement Cooperation (Europol) for allegedly aiding ransomware deployment and other cybercrime activities. Law enforcement authorities from Germany, the US, and the UK seized 15 servers that hosted VPNLab.net’s service, rendering it no longer available.

Which ransomware attacks can be tied to REvil?

January 2021: Pan-Asian retail chain operator Dairy Farm was attacked by the REvil gang, which demanded a $30 million ransom. The REvil ransomware group compromised Dairy Farm Group’s network and encrypted devices in January. There is no confirmation on whether the ransom was paid.

March 2021: Computer giant Acer was hit by a REvil ransomware attack this year in which the threat actors demanded $50 million, the largest ransom to date. The ransomware gang announced on its data leak site (Happy Blog) that it had breached Acer and shared some images of allegedly stolen files as proof. It is not yet known whether Acer complied with the ransom demand.

May 2021: JBS SA, the world’s largest meat processing company, was also one of the victims of the ransomware gang. It reportedly paid $11 million to obtain the decryption key. The ransom was paid in Bitcoin. The company was widely criticised for complying with the demands as it would incentivise more attacks.

July 2021: The attack on Kaseya in July 2021 is estimated to have affected up to 2,000 global organizations. REvil targeted a vulnerability in a Kaseya remote computer management tool to launch the attack. REvil demanded $70 million to restore encrypted data. Kaseya announced that it had received the decryption key for the encrypted files from an unnamed “trusted third party”, later discovered to be the FBI, which had withheld the key for three weeks, and that it was helping victims restore their files.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
