The Russian Federal Security Service (FSB) announced on Friday that it had raided and stopped the operations of the notorious ransomware gang REvil.
The unprecedented move – which will no doubt send a message to other ransomware groups operating outside the country – saw Russian authorities raiding 25 addresses in areas of Moscow, St. Petersburg, Leningrad and Lipetsk which belonged to 14 alleged members of REvil.
The gang, which went out of business in July but before a failed comeback in September, are said to have orchestrated some of the most damaging attacks of the past 12 months, including those targeting Colonial Pipeline, JBS Foods and US tech company Kaseya.
The FSB said it seized more than 426 million rubles and 500,000 euros (roughly $ 6 million), as well as $ 600,000 in cash, cryptocurrency wallets, computers and 20 high-end cars.
In a statement, the FSB said it had carried out the search operation at the request of the US authorities, who were informed of their results.
The detained members of the ransomware gang have been charged under Russian law for the alleged “illegal circulation of means of payment.” Russian authorities have not released the names of any of the suspects.
“As a result of joint actions by the FSB and the Russian Interior Ministry, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized,” the official said. FSB in a press release.
News of the FSB’s surprise operation comes just two months after the US Department of Justice indicted a 22-year-old Ukrainian citizen linked to the REvil ransomware gang for orchestrating the July ransomware attack on the tech company American Kaseya. Seven other members of the REvil gang were also arrested throughout 2021 following operations coordinated by Europol. In July, President Biden urged Russia to follow suit, urging Russian President Vladimir Putin to take action to disrupt these criminal gangs.
The FSB’s action also comes just hours after a major cyber attack on Friday destroyed Ukrainian government websites, including websites of the Ministry of Foreign Affairs, the National Security and Defense Council and the cabinet of government ministers. Officials said it was too early to draw conclusions, but pointed to a “long record” of Russian cyber attacks against Ukraine.