Russia’s Federal Security Service (“FSB”) issued a press release on January 14, 2022 claiming that it dismantled the REvil ransomware gang by arresting 14 suspected members and seizing computer equipment, luxury vehicles, bitcoin, and fiat currency valued at over $1 million.
REvil is a notorious cybercriminal organization that claimed responsibility for a ransomware attack last year that temporarily crippled the world’s largest meat company by sales, and according to public reports may be closely related to the DarkSide cybercriminal organization that claimed responsibility for the ransomware attack on a critical infrastructure pipeline distribution company. Indeed, Rep. Bennie G. Thompson (D-MS), Chairman of the Committee on Homeland Security, issued a statement on the day of the arrests stating that he was pleased at the announcement that Russia arrested several ransomware criminals, including an individual responsible for the critical infrastructure attack.
FSB’s announcement comes on the heels of increased pressure from the Biden Administration on Russia to neutralize cybercriminal organizations like REvil that are suspected of operating on Russian soil. The Biden Administration and United States law enforcement agencies claim that their efforts to combat such groups have been hampered by the Russian government’s tacit acceptance of ransomware actors, many of whom operate within its borders. In July, President Biden warned President Putin that Russia would face consequences if it failed to act to prevent such cyberattacks. Following that exchange, President Biden announced that the United States and Russia established a communication channel to share information related to potential cybercriminal activity.
Russia’s actions against REvil are encouraging in that they show that Russia has the ability and, at least in this instance, the willingness to take apparent action against ransomware gangs. However, cybersecurity experts say that the Russian government’s actions may be intended to influence the negotiations and threatened sanctions over the escalating crisis in Ukraine. In particular, the Russians likely aim to make clear that cooperation on combating cybercriminal activity is a carrot they can offer, whereas lack of cooperation is a stick they can use if the West increases sanctions. Thus, while these actions are welcome, whether this marks a more enduring shift in ransomware enforcement may depend on the uncertain state of U.S.-Russian relations.