Following requests from U.S. authorities, the Russian Federal Security Service (FSB) arrested members of the REvil ransomware gang and shut down its operations, which in the last few years have struck American ventures such as the Colonial Pipeline, JBS Foods, and Kaseya.
The Russia-based group had made U.S. business and infrastructure a frequent target, though its members were arrested on money-laundering charges, according to a release from the FSB. The agency said those arrested – though not named – had developed malicious software and stolen funds from bank accounts of foreign citizens. The Russian intelligence service accounted for more than 426 million rubles (more than $5.6 million) seized during the arrests, including computer equipment, cryptocurrency, and cars bought with the illicit funds.
“As President Biden has repeatedly emphasized in meetings with both allies and adversaries, combatting ransomware requires all countries to hold accountable cybercriminals operating from within their territory,” said U.S. Rep. Bennie Thompson (D-MS), chairman of the Committee on Homeland Security. “I am pleased by reports today that Russia has arrested several ransomware criminals, including an individual responsible for the highly disruptive Colonial Pipeline attack in May. We must ensure that this is part of a sustained effort to deny safe haven to ransomware gangs and bring these dangerous criminals to justice.”
A May 2021 cyberattack on the Colonial Pipeline led to widespread gas shortages on the East Coast as the company halted services while trying to address the breach. That attack used encryption software known as DarkSide, said to be developed by affiliates of REvil. Separate attacks paralyzed the world’s largest meatpacking company, JBS, that June and exploited IT management software company Kaseya in July.
The Biden administration has previously called on Russia to crack down on ransomware groups operating within its borders and shared information to aid the process. In the past, U.S. National Security Adviser Jake Sullivan has likewise stressed that more cooperation on ransomware was needed because the United States could not handle it alone. However, there is no extradition treaty in place between Russia and the United States, and these efforts come at a time of heightened tensions between the two nations.
The Wall Street Journal reported that the arrests included the individual responsible for the attack on Colonial Pipeline last spring, and quoted an administration official as welcoming reports that the Kremlin was taking steps to address ransomware within its borders.
The FSB noted that those arrested could face up to seven years in prison.