Russia Arrests Suspected Members of REvil Ransomware Gang

Alston & Bird
Contact

Alston & Bird

Russia’s Federal Security Service (“FSB”) issued a press release on January 14, 2022 claiming that it dismantled the REvil ransomware gang by arresting 14 suspected members and seizing computer equipment, luxury vehicles, bitcoin, and fiat currency valued at over $1 million.

REvil is a notorious cybercriminal organization that claimed responsibility for a ransomware attack last year that temporarily crippled the world’s largest meat company by sales, and according to public reports may be closely related to the DarkSide cybercriminal organization that claimed responsibility for the ransomware attack on a critical infrastructure pipeline distribution company.  Indeed, Rep. Bennie G. Thompson (D-MS), Chairman of the Committee on Homeland Security, issued a statement on the day of the arrests stating that he was pleased at the announcement that Russia arrested several ransomware criminals, including an individual responsible for the critical infrastructure attack.

FSB’s announcement comes on the heels of increased pressure from the Biden Administration on Russia to neutralize cybercriminal organizations like REvil that are suspected of operating on Russian soil.  The Biden Administration and United States law enforcement agencies claim that their efforts to combat such groups have been hampered by the Russian government’s tacit acceptance of ransomware actors, many of whom operate within their borders.  In July, President Biden warned President Putin that Russia would face consequences if it failed to act to prevent such cyberattacks.  Following that exchange, President Biden announced that the United States and Russia established a communication channel to share information related to potential cybercriminal activity.

Russia’s actions against REvil are encouraging in that they show that Russia has the ability and, at least in this instance, the willingness to take apparent action against ransomware gangs.  However, cybersecurity experts say that the Russian government’s actions may be intended to influence the negotiations and threatened sanctions over the escalating crisis in Ukraine.  In particular, the Russians likely aim to make clear that cooperation on combating cybercriminal activity is a carrot it can offer, whereas lack of cooperation is a stick it can use if the West increases sanctions.  Thus, while these actions are welcome, whether this marks a more enduring shift in ransomware enforcement may be dependent on the uncertain state of U.S.-Russian relations.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Contact
more
less

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.