Russia’s internal security service, the FSB, has arrested numerous members of the REvil hacking group at the request of the US government, the FSB said Friday. The move, marking an unusual degree of cooperation between Russian and US agencies, comes amid increasingly aggressive Russian military activity on the Ukrainian border and tense diplomacy as the United States tries to avoid armed conflict.
Reporting by the Russian Interfax news agency claimed that the FSB seized 426 million rubles ($5.6 million) in a raid against 14 members of the group, along with more than $600,000 worth of cryptocurrency and 20 luxury cars. The FSB told Interfax that it acted at the request of the US authorities and informed them of the results of the operation. The operation effectively dismantled REvil as an entity, the FSB said.
The Biden administration has long called on Russia to do more to crack down on the ransomware gangs operating in the country, albeit with limited success so far. Analysts have linked Russian groups to extensive ransomware operations in Europe and the US, often without interference from local law enforcement. Since there is no extradition treaty, the Russian government has been accused of harboring cybercriminals provided they do not attack domestic targets.
US agencies stepped up their hunt for REvil after the FBI linked it to the May 2021 hack that shut down the Colonial Pipeline. REvil was also behind a cyber attack on meat supplier JBS, also in May 2021, that closed the company’s meat processing plants across the US.
An alleged REvil member was arrested by Polish authorities in November 2021 after being charged by the US. According to reports in Reuters, a source close to the case said the FSB would not transfer members of the REvil group with Russian citizenship to the United States after the latest arrests.
The US Department of Justice had not responded to a request for comment at the time of publication.
The news of the operation against REvil comes on the same day that the government of Ukraine suffered a major cyber attack. Many government websites were shut down on Friday morning, with spokesmen from both the Ukrainian government and the EU pointing the finger at Russia.
As the US continues to negotiate with Russia over its military activities on its border with Ukraine, the FSB’s actions could be an offer related to the talks, said Nina Jankowicz, a global fellow at the Wilson Center and a specialist in Russian affairs.
“The FSB’s demise of REvil could be Russia’s attempt to give the US a leg up after negotiations over mounting tensions at the Ukrainian border this week,” Jankowicz said. “But it doesn’t mean much when the rubber hits the road — Russia still has over 100,000 troops at the border and this morning the Ukrainian government suffered a massive cyber-attack.”
While the cyberattack in Ukraine has not yet been attributed to Russia, Jankowicz said, the process was similar to attacks carried out prior to the conflict in Georgia in 2008 and the annexation of the Crimean peninsula in 2014.