
Russia arrests REvil hackers related to Colonial Pipeline

Russian authorities say they have dismantled the ransomware group REvil and charged eight members. In cooperation with US law enforcement, around 5.6 million dollars, six hundred thousand dollars worth of cryptocurrency, and 20 luxury cars were seized, and 14 people were arrested. Eight have been charged. The Russian FSB says it was acting at the request of US authorities. Those arrested will not be extradited to the US. The White House confirmed that one of those arrested was responsible for the Colonial Pipeline hack. REvil was also behind the Kaseya attacks.

At the same time, Microsoft has observed destructive malware in the systems of several government agencies in Ukraine. The victims include agencies that provide critical executive branch or emergency response functions and the IT firm that manages websites for public and private sector clients.

Ukrainian police have arrested five members of a ransomware affiliate, coordinating with US and UK officials. This happened the day before the Russian arrests.

The White House held its open-source summit last week. The discussion focused on ways for the public and private sectors to secure open source. One key conclusion – the understanding that open-source projects are not the same as the corporations impacted by the May 2021 cybersecurity executive order. The group discussed settling on “baseline standards for security, maintenance, provenance, and testing.”

And it appears the FBI is looking at cybercrime in a new way: rather than focusing on indictments and arrests, it is focusing on imposing costs on adversaries. This is from statements by two FBI officials late last week.

Why do we care?

Before cybersecurity engineers celebrate, let’s put this in context. The US and Russia are in negotiations over military actions at the Ukraine border, which is likely of much higher priority to President Putin than one ransomware gang. I could also speculate that REvil got just too much attention, thus being the apparent target to offer up as a gesture in the negotiations.

And with cyber being used in Ukraine… there’s certainly interesting timing here.

That’s not to say this isn’t significant. With law enforcement changing its tactics, the US government prioritizing the issue for national security, and foreign governments responding, this is distinctly an improvement.