Russia eliminates REvil hackers – as tensions in Ukraine rise

“I think being preoccupied with Russia’s ulterior motives [for conducting the REvil arrests] is perfectly reasonable,” says John Hultquist, vice president of threat intelligence at security firm Mandiant. “It’s basically a feather in their cap and you could certainly take a cynical view of it and think it’s all a signal. But I think ultimately it’s still good news. The actors needed to know that if you’re harassing thousands of people and stealing hundreds of millions of dollars, you can’t just walk away when the sun goes down.”

This is not the first time that an alleged REvil member has faced prosecution from law enforcement. In November, a 22-year-old Ukrainian national, Yaroslav Vasinskyi, was arrested in Poland and accused of carrying out the attack on Kaseya. According to a Department of Justice indictment, Vasinskyi allegedly abused a Kaseya product to deploy REvil code, which then distributed the group’s ransomware through Kaseya’s networks. Yevgeniy Polyanin, a 28-year-old Russian national, was also accused of deploying REvil ransomware – he is accused of carrying out 3,000 ransomware attacks – and had $6.1 million confiscated from his assets.

Law enforcement agencies around the world, including in Ukraine, are increasingly collaborating to combat ransomware actors. Since February 2021, Europol has stopped five hackers linked to REvil and says 17 countries have worked on its investigations. These include the United States, United Kingdom, France, Germany and Australia.

Without Russian cooperation, however, officials had strict limits on which gangs they could effectively target. After hitting a zenith – or nadir – with a series of disruptive and destructive attacks in the summer of 2021, REvil mostly went dark after international law enforcement compromised its infrastructure. However, other groups based in Russia, such as the notorious DarkSide gang and its successor BlackMatter, have continued their targeting, at least for now.

“The big question, I guess, does this represent a real change in Russian intentions to deal with this issue, or was REvil just sacrificed in an attempt to alleviate some international pressure?” says Brett Callow, threat analyst at antivirus firm Emsisoft. “I would suspect the latter.”

Callow and others point out, however, that while it will take time to learn more about the Russian government’s approach, seeing so many REvil operators apprehended should have some chilling effect. And in an interconnected industry like the ransomware market, every disruption matters.

“I agree that there must be some motivation other than ‘the US kindly asked us’, but either way, it will further disrupt the ransomware economy, at least in the short term,” says Jake Williams, incident responder and former NSA hacker.

In the long term, several ransomware groups operating from Russia remain very active. REvil’s withdrawal is a sign of progress, but what really matters is the Kremlin’s appetite to prosecute these other gangs as well.
