The Russia-based REvil gang has carried out numerous attacks on major global companies, including the July attack on software provider Kaseya and the attack last May on the world’s biggest meat processing business, JBS. Former REvil associates also are believed to be responsible for the May cyberattack on the Colonial Pipeline that led to gas shortages on the U.S. East Coast.
The arrests marked a rare positive moment in U.S.-Russian relations, after a flurry of diplomatic efforts in Europe this past week failed to deter Russia’s military buildup near Ukraine and persuade Moscow to de-escalate.
President Biden asked for President Vladimir Putin’s cooperation to fight cyberattacks and ransomware when the two met in Geneva in June, but Friday’s arrests are Russia’s first major operation to halt Russia-based ransomware attacks around the globe.
Since the June summit, senior U.S. and Russian officials in an “Experts Group” have held at least half a dozen calls in which the Americans have sought Moscow’s cooperation on cyber crime. The individuals arrested were discussed on those calls, with the United States passing information on them to the Russians so they could act, said a person familiar with the matter, speaking on the condition of anonymity because of the matter’s sensitivity. “This is really a credit to Biden’s approach,” the person said.
“This is a significant action by Russian law enforcement against one of the most prominent ransomware gangs in the world,” said Dmitri Alperovitch, chairman of the Silverado Policy Accelerator think tank. “It also serves as a signal — amidst potential significant deterioration of relations over Ukrainian conflict — to showcase the type of meaningful help Russia can provide to the U.S. if it chooses to — or not.”
The timing is not an accident, analysts said. It is aimed at sending the message that this is the sort of cooperation that Moscow can easily undertake or withhold in the event of the imposition of Western sanctions.
“Putin has already warned Biden that in the event of severe sanctions over invasion of Ukraine, there could be a full break in diplomatic relations, meaning that cooperation like today's action on ransomware, among other things, would cease,” Alperovitch said.
The FSB said U.S. law enforcement gave detailed information on the gang leader’s identity and criminal activities.
“The FSB of Russia established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and documented illegal activities,” according to an FSB statement.
Russian television showed FSB agents clad in black bursting into apartments, wrestling suspects to the ground and handcuffing their hands behind their backs, searching apartments and computers. One suspect had dozens of thick bundles of ruble bills in a compartment under his bed, according to the video.
The hacker shown was involved in the Colonial Pipeline incident, according to one U.S. official. Though that attack was claimed by a different Russian-speaking hacker group, DarkSide, it is not uncommon for hackers to work for more than one group and it is quite possible that the hacker shown worked for both REvil and DarkSide, analysts said.
In fact, it is likely that the leader of DarkSide started off by working as an affiliate for REvil, said Allan Liska, intelligence analyst at the cyber firm Recorded Future. There is also a good deal of overlap between the malware DarkSide and REvil use to lock up victims’ computers, he said.
A Justice Department complaint filed last month in the Northern District of Texas named Aleksander Sikerin, of St. Petersburg, as a member of the REvil gang. According to the complaint, U.S. law enforcement seized $2.3 million of cryptocurrency in August tied to ransomware attacks that U.S. officials say Sikerin carried out.
The FSB arrests of alleged REvil gang members sent a message of the benefits of cooperation with Russia, at the same time underscoring the potential costs to the United States if relations worsened.
Diplomatic efforts to ease the crisis over Ukraine appeared to founder Thursday. Russian officials said there was no point in continuing security talks, after United States and NATO officials ruled out Russia’s key demand that Ukraine, Georgia and other nations, including Sweden and Finland, be barred from ever joining NATO.
Russian officials have threatened to cut all ties with Washington if the Biden administration carries out its threat to impose sweeping sanctions on Russia should it launch a new attack on Ukraine.
The REvil arrests also came as unknown hackers targeted Ukrainian government websites early Friday, blocking access and warning Internet users to “expect the worst.”
Viktor Zhora, deputy head of Ukraine’s state agency of special communication and information protection, said that “close to 70” federal and local government websites were attacked, many of which were swiftly restored.
Dixon reported from Belgrade, Serbia, and Nakashima reported from Washington.