Saturday, January 15, 2022

CRIMINAL CRYPTO CAPITALI$M
Russia dismantles REvil hacker group at US request


A Gulf service station runs out of gasoline on May 11, 2021 in Atlanta following a hacking attack on the Colonial Pipeline blamed on Russian hackers (AFP/Megan Varner)

Fri, January 14, 2022, 5:55 AM

Russia Friday said it had dismantled the prominent hacking group REvil, which carried out a high-profile attack last year on US software firm Kaseya, following a request from Washington.

The announcement came on the same day that Ukrainian government sites were hit by hackers in an attack that Kyiv linked to Moscow, which has amassed tens of thousands of troops on the border.

Russia's Federal Security Service (FSB) said in a statement that it had "suppressed the illegal activities" of members of the group during raids on 25 addresses that swept up 14 people.

The searches were carried out following an "appeal from the relevant US authorities".

Cybersecurity was one of the main issues on the agenda of a summit meeting between Russian President Vladimir Putin and US President Joe Biden last June.

In Washington, a US official praised the arrests, saying that one suspect was behind the disruptive hack of the Colonial Pipeline, but separated the issue from tensions on Ukraine.

"I want to be very clear – in our mind, this is not related to what's happening with Russia and Ukraine," the official told reporters on condition of anonymity.

"I don't speak for the Kremlin's motives, but we're pleased with these initial actions," she said.

"We've also been very clear -- if Russia further invades Ukraine... we will impose a severe cost on Russia in coordination with our allies."

The FSB said members of the group had "developed malware, organised the embezzlement of funds from the bank accounts of foreign citizens".

The equivalent of 426 million rubles ($5.5 million or 4.8 million euros) and 20 luxury cars were seized in the operation, the statement added.

During a phone call in July, Biden told Putin to "take action" against ransomware groups operating in Russia, warning that otherwise Washington will take "any necessary actions" to defend Americans.

The unprecedented attack targeting the US software firm Kaseya affected an estimated 1,500 businesses.

The Kaseya attack, which was reported on July 2, shut down a major Swedish supermarket chain and ricocheted around the world, impacting businesses in at least 17 countries, from pharmacies to gas stations, as well as dozens of New Zealand kindergartens.

Shortly after the attack, the "dark web" page of REvil went offline, sparking speculation about whether the move was the result of a government-led action.

jbr-acl/jbr-sct/ah

US 'welcomes' Russian arrests of REvil ransomware gang

Russia's Federal Security Service has announced a major crackdown on the REvil ransomware hacking group. One of the arrested individuals was allegedly responsible for the attack on the Colonial Pipeline last year.



At the request of the United States, Russia has detained a group of hackers who sent ransomware viruses

The US said it "welcomes" news out of Russia on Friday that security forces there arrested hackers tied to the devastating REvil ransomware gang, officials in both countries confirmed.

"We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring," a senior Biden administration official said about an incident that caused gas shortages on the eastern coast of the US.

Russia's Federal Security Service, the FSB, announced the hackers' arrests. In addition to the pipeline hack, REvil was said to be behind the cyberattack on Kaseya over the Fourth of July holiday weekend last year that devastated over 1,000 businesses around the world including a Swedish supermarket chain.

A source told the Reuters news agency the group could also be tied to a cyberattack last year targeting Brazil-based meat processor JBS S.A.

What did the FSB do?

The FSB raided 25 addresses and arrested 14 hackers involved with REvil.

In the process, the FSB seized more than 426 million rubles ($5.6 million or €4.9 million) worth of cash, cryptocurrency, computers, and cars.

The REvil hackers arrested by the FSB have been charged with "illegal circulation of means of payment," and could face up to seven years in prison.

The Russian REN TV network aired footage of officers pushing suspects down and seizing piles of cash in dollars and rubles before carting them off during the raids.

While the FSB did not name those they arrested, a Moscow court named two of those charged as Roman Muromsky and Andrei Bessonov. Both were ordered to remain in custody for two months.

The FSB said the operation was carried out at the behest of US authorities who sought the arrest of the group's leader. It is the first such action since Russian leader Vladimir Putin and US President Joe Biden met last summer in Geneva.

REvil members have taken millions in ransom payments

When announcing charges against two REvil members in November of last year, US Attorney General Merrick Garland said that cyberattacks carried out by REvil have cost computer users worldwide a minimum of $200 million in ransom payments.

Though the Russian government claimed responsibility for dismantling the REvil ransomware gang, cybersecurity experts say the group effectively did so on its own last year. Members of the group moved on to new grifts and the arrests in no way signal a broader crackdown on hackers in Russia, those experts said.

The news comes the same day Ukrainian government websites were defaced and, separately, US officials warned Russia may stage a "false flag" incident as a pretext to invade Ukraine.

While the US and the EU did not attribute Friday's cyberattack, Ukraine's Security Service, the SBU, said the initial findings of their investigation pointed to "hacker groups linked to Russia's intelligence services."

The events come at the end of a long week of intense diplomacy focused on Russia and Ukraine with Russia's Deputy Foreign Minister Sergey Ryabkov meeting with US Undersecretary of State Wendy Sherman in Geneva earlier in the week before continuing to Brussels to meet with NATO and the Organization for Security and Cooperation in Europe (OSCE).

ar/wd (AFP, AP, Reuters)
