Russia’s domestic security service, the FSB, has arrested numerous members of the REvil hacking group at the request of the US government, the FSB said on Friday. The move, which marks an unusual degree of cooperation between Russian and US agencies, comes amid increasingly aggressive Russian military activity on the Ukrainian border and tense diplomacy as the United States attempts to prevent armed conflict.
Reporting by the Russian Interfax news agency claimed that the FSB seized 426 million rubles ($5.6 million) in a raid against 14 members of the group, along with more than $600,000 worth of cryptocurrency and 20 luxury cars. The FSB told Interfax that it was acting at the request of US authorities and had informed them of the results of the operation. The operation effectively dismantled REvil as an entity, the FSB said.
The Biden administration has long called on Russia to do more to crack down on ransomware gangs operating within the country, though with limited success until now. Analysts have tied Russian groups to extensive ransomware operations in Europe and the US, often without interference from local law enforcement. With no extradition treaty in place, the Russian government has been accused of sheltering cybercriminals provided they do not attack domestic targets.
US agencies intensified their pursuit of REvil after the FBI linked it to the hack that shut down the Colonial Pipeline in May 2021. REvil was also behind a cyberattack that same month against meat supplier JBS, which shut down the company’s meat processing plants across the US.
One alleged member of REvil was arrested by Polish authorities in November 2021 after being indicted by the US. According to reporting in Reuters, a source close to the case said that the FSB would not hand over REvil group members with Russian citizenship to the United States after the latest arrests.