Russia claims to have brought down the REvil ransomware ring

Russian officials have reported the dismantlement of the famed REvil ransomware gang, as well as the arrest of some of its members.

The Federal Security Service of the Russian Federation, or FSB for short, claimed in a statement that the cybercriminal cell had “ceased to exist” during a recent law enforcement operation, according to the BBC.

Even though the US was willing to pay up to $10 million for information on the REvil ransomware group, it currently looks that none of its members will be extradited after their arrests. According to the FSB, the agency utilized intelligence given by the US to shut down the organization and permanently put a stop to its activities.

By addition to gathering 426 million rubles (about $5.5 million), including over $600,000 in bitcoin, the FSB reportedly confiscated 20 “luxury automobiles” from the gang.

REvil ransomware organisation

Despite the fact that the organization pulled down all of its websites and largely shut down in September of last year, REvil remains one of the most prominent ransomware gangs in history.

REvil is responsible for a huge ransomware assault on the meat processor JBS last year, which resulted in a total shutdown of operations for the Memorial Day vacation. However, the gang struck again around the Fourth of July holiday weekend in 2021, this time targeting the IT management business Kaseya, affecting hundreds of enterprises, including various managed service providers and their clients.

Even though it looked that REvil had restarted activities under the guise of BlackMatter last summer, the news that the group has been disbanded will likely come as a comfort to the several groups that it has attacked over the years.

We’ll have to check and see whether the Russian government and the FSB offer any other information on REvil’s activities, but for the time being, it seems like REvil has been decommissioned.