Russia’s FSB Takes Down REvil Cyber Gang in an Unprecedented Series of Raids

Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made, and millions in cash and goods were confiscated by authorities.

This unprecedented action from the Russian Federal Security Service aligns with the fear that we've observed while conducting cybercriminal chatter reconnaissance on the Dark Web.

Cybercriminals on the Dark Web indicated back in November 2021 that they believed there were secret negotiations on cybercrime between the Russian Federation and the United States and urged each other to prepare for potentially serious actions from Russia, according to Trustwave SpiderLabs’ research.

The FSB's activity would apparently confirm these fears, as the Russian agency stated the arrests were conducted at the behest of the United States government. Although the U.S. government has not commented on this activity, the two governments did meet in June 2021 to discuss the issue of ransomware attacks.

The FSB's move is only the latest to strike REvil.

The ransomware gang has been under pressure from the Russian, Ukrainian and U.S. governments since last summer, when President Joe Biden specifically called out Russian President Vladimir Putin in July 2021 following the Kaseya VSA attacks – a mass-scale ransomware campaign that was attributed to REvil. In a phone call to Putin, Biden demanded that the Russian government take action against ransomware gangs operating inside Russia.

Several days after this conversation, the REvil gang began to disappear from the Internet (before briefly reappearing and then seemingly shutting down in October), and more arrests were made through collaboration between several international law enforcement agencies.

Only time will tell if REvil resources will reemerge in another form, as we've seen with other ransomware groups many times in the past.

In Friday's action, the Russian FSB and police raided 25 addresses, detaining 14 people, the FSB said, listing assets it had seized, including 426 million rubles (about $5.6 million), as well as more than $600,000 in U.S. cash, and another 500,000 euros, computer equipment and 20 luxury cars, Reuters reported.

REvil's method of operation combined encrypting a target's database with ransomware and exfiltrating its data. The gang then used the stolen data to blackmail the victim into paying the ransom, threatening to make the sensitive information public if the organization refused to pay.

About the Author

Ziv Mador is VP, Security Research at Trustwave SpiderLabs. Ziv manages the global security research team covering areas including cyberattacks, malware reverse engineering, IDS/IPS, spam and phishing, threat intelligence and correlation. Follow Ziv on LinkedIn.
