The Russian Federal Security Service (FSB) recently announced that they have taken down the infamous REvil hacking group, who have been known for their ransom campaigns and massive data theft.
This came at the request of the United States, and marks a success in international cooperation between the two countries.
In this article, we’ll cover the details involved with this takedown, including what REvil is, what they were up to, and the implications of the takedown.
Background on REvil
REvil is a cybercrime hacking group whose activities are believed to have started as early as April 2019. The group is linked to several hacks into high-profile international corporations and organizations such as Apple, Travelex, the City of San Francisco and the Salvation Army.
There is speculation that REvil was led by Russian hackers, partly due to the Russian language used in some of its malware and its reliance on a secure environment. In addition, the group created ransomware-as-a-service (RaaS), offering these tools used by other hacker groups online. Through RaaS, REvil earned commissions every time its tools were used in an attack against an organization or individual victim. It also earned money through payment demands asked by aspiring cybercriminals who wanted to use REvil’s tools.
This year, Russia took swift action on REvil at the request of global law enforcement agencies who wanted to end their activities after dangerous attacks had been reported against many global organizations worldwide. As a result, the Federal Security Service (FSB) apprehended multiple key group members in April 2021. It charged them with attempting to extort companies by deploying ransomware, malicious software that can lock data until a ransom payment is made.
Overview of REvil
REvil is a malicious hacking group from Russia identified as responsible for many cyberattacks.
The Russian security agency, the Federal Security Service (FSB), recently shut down the REvil hacking group due to requests from the US.
In this article, we will look at the operations of REvil and how it has been affecting the cyber world.
What is REvil?
REvil (also known as Sodinokibi or REvil) is a ransomware-as-a-service organization active since at least April 2019. The group primarily targets businesses and organizations, although the associated networks of affiliate actors continue to exploit vulnerable individuals. According to the Victims of REvil Network, a collective of professionals dedicated to assisting victims affected by malicious activity, by early 2021, the ransomware had caused over $300 million in losses to organizations globally.
REvil typically attempts to gain access through phishing emails or exploits known vulnerabilities. Additionally, the group is well known for using double extortion tactics where victims are forced to make payments or risk having their data leaked publicly on the group’s Dark Web portal hosted on its Tor website. After payment, encrypted files are returned with instructions for restoring them properly.
On April 28th 2021, Russia’s Federal Security Service (FSB) announced that it had arrested and charged two Russians with operating the hacking group in response to a request from the US Department of Justice (DOJ). However, it was unclear whether they were affiliated with any other cybercriminal groups and no further information on their identities was provided by either government agency.
Who is behind REvil?
REvil, also known as Sodinokibi, is a cybercrime group believed to be part of an Eastern European-based hacker collective. The group has gained notoriety in recent years for carrying out various malicious activities such as ransomware attacks, data breaches and cryptocurrency thefts using advanced hacking tactics.
The primary target of REvil is businesses. To disrupt their targeted organization’s operations and extract ransom payment from them, REvil has deployed sophisticated tools that allow them to access confidential information such as financial documents and customer data. To further damage their victims, the hacking group had even leaked confidential information on the dark web if the victim organization did not pay the ransom.
In July 2020, at the request of U.S authorities, Russia’s Federal Security Service (FSB) took down several of REvil’s operations, leading to a significant reduction in their attacking capabilities. Despite these efforts, however, this group continues to be active in the cyber-security domain, and future attacks cannot be discounted. Therefore organizations must continuously strive to evaluate their security technologies and protocols to maintain cyber resilience against any future malicious advances made by groups like REvil.
What has REvil been accused of?
Since it emerged in 2014, the Russian-based ransomware group known as REvil has been accused of numerous security breaches on corporate networks, resulting in the extortion of hundreds of millions of dollars. This group has been linked to attacks on high-profile entities such as banks, e-commerce providers, real estate developers, energy companies and law firms. Most ransom payments demanded by REvil range from $50,000 to $10 million.
According to reports, the organization had its core operations based in Russia and is believed to have been founded by Maksim Yakubets. Yakubets was arrested against accusations of carrying out various cyberattacks using REvil’s malware alongside another hacker identified as Igor Turashev.
REvil has reportedly used various methods for infiltrating company networks and obtaining sensitive data such as spear phishing campaigns and penetration testing tools like Fire Scout. Data exfiltration was allegedly made easier by accessing privileged accounts information obtained via user login credentials associated with insider attacks or malicious insiders. Complaints have also been attributed to the organization’s further tactics, including network scanning, brute force attacks and exploiting vulnerable Application Programming Interfaces (APIs).
Russia takes down REvil hacking group at U.S. request – FSB
On June 18th 2021, the Russian Federal Security Service (FSB) announced that it had succeeded in shutting down the infamous hacker group REvil at the request of the U.S. government. This marked a major triumph for both countries as they worked together to remove the threat of online criminal activity.
In this article, let’s examine Russia’s involvement in stopping the REvil group.
What prompted Russia to take action?
The Russian Federal Security Service (FSB) requested action against REvil, a global cybercrime group specializing in stealing confidential documents and using them for extortion. With operations spanning the United States, Russia, and many other countries worldwide, REvil is responsible for a wide range of cybercrime activities targeting major companies across multiple industries.
In May 2021, United States prosecutors indicted three Ukrainian nationals on charges related to their roles in a global “business email compromise” (BEC) campaign orchestrated by the REvil hacking group. Following this indictment, FBI officials requested assistance from Russian authorities in apprehending those involved with the criminal enterprise.
Given Russia’s own experience with cybercriminals and its long-standing relationship with several countries in former Soviet states, where much of REvil’s activity took place, it made sense for them to take action and work together with U.S. authorities to crack down on these criminals. The U.S.-Russia partnership has allowed officials on both sides to share resources and intelligence against this ongoing threat, bringing severe consequences to those who attempt such malicious activity online.
Although concrete details about their partnership have not been released yet, it is believed that the U.S.-Russia collaboration was key in defeating REvil’s network of cybercriminals, including those outside Russia’s borders; ultimately halting the group’s malicious activities worldwide within weeks following their May 2021 indictment by U.S prosecutors.
What was Russia’s involvement?
At the request of the US government, Russia’s Federal Security Service, known as the FSB, took down REvil (Ransomware Ex-loiters). This hacking group targeted multinational corporations with cyber attacks. The group was first identified in 2017 by Kaspersky Lab and has been linked to international incidents, such as the 2018 Winter Olympics in Pyeongchang and affairs with North Korea.
The FSB dismantled the infrastructure of REvil and its payment processors, cutting off their financial gains from ransomware victims. In addition, Russian authorities have arrested at least three persons suspected of belonging to the criminal organization. It is unclear if any other countries are involved in taking down REvil or if Russia assisted other countries during their operations.
Though there has been no clear statement from either party regarding official collaboration, Russia and the U.S. have historically worked together on cyber-crime related issues and this situation follows that trend. This move could be a sign of improved trust between these two countries who have had strained relations for more than a decade due to undisputed events like Sergei Magnitsky’s death and alleged interference in the 2016 presidential election.
Implications of Russia’s Action
In response to the U.S. request, Russia’s Federal Security Service (FSB) has taken down the notorious hacking group REvil. This is a significant action as REvil has engaged in many activities, ranging from ransomware attacks to data theft.
This latest development begs the question: what are the implications of Russia’s action? This article will explore the potential implications of the FSB’s decision to take down REvil.
What does this mean for the U.S.?
The U.S. asked Russia to take down the REvil (a major ransomware) hacking group, and the Russian Federal Security Service (FSB) complied. This cooperation is being heralded as a positive step in international relations between the two nations.
This could lead to a stronger relationship between the U.S. and Russia and might open the door for more cooperative efforts between the countries, such as joint cybercrime prevention strategies or information exchange initiatives, which could prove beneficial for both sides in mitigating cyber threats from global cybercriminal activities in various areas via measures such as collaboration on investigation efforts or sharing of evidence collected from law enforcement operations. It can also help reduce potential conflicts over cyber interference and other malicious activities associated with criminal organizations like REvil and may lead to increased communication between both countries, promoting greater understanding and collaboration on matters related to cybersecurity going forward.
For the U.S., this cooperative action is likely beneficial in many respects beyond improving bilateral ties with Russia: In addition to demonstrating its seriousness about tackling global cybercrime – especially when it comes to ransomware – this act has greatly weakened one of the most prolific ransomware gangs out there, which will have a serious, positive impact on American businesses’ security infrastructure going forward due to decreased chances of falling victim to REvil attacks resulting from their takedown of operations by Russian authorities.
Additionally, this accomplishment shows that collective action against organized crime can be successful when done correctly, setting an example for other international partners concerned about exploitative groups originating beyond their respective borders.
What does this mean for the cybersecurity landscape?
The news of the Russian Federal Security Service (FSB) taking down the REvil cyber-criminal enterprise has major implications for global cybersecurity. First, the FSB’s actions represent a major step forward in international cooperation against criminal organizations, as the US and Russia have typically been tense adversaries.
However, it remains to be seen how effective and long-lasting these effects will be on global cybersecurity. The takedown of REvil can only stop criminal activities in the short term and does not address any weaknesses of existing infrastructure that have allowed similar activities to occur unchecked and unchecked for years. Additionally, organizations must now be more vigilant and invest more resources into proactively strengthening their cyber defenses and ongoing threat monitoring efforts.
Furthermore, there is also potential concern regarding further Russian influence in other countries’ networks, as was recently demonstrated by the SolarWinds breach perpetrated by a state-sponsored Russian espionage group in 2020. Thus, governments across the world must remain mindful of their network vulnerabilities – even if they do not view Russia as a direct threat – to ensure that malicious actors are unable to gain unfettered access to sensitive information and assets on an ongoing basis.
Conclusion
The Russian Federal Security Service (FSB) claims to have taken down the notorious hacking group, REvil, following a request from the United States government. The move was taken to prevent any further attacks and potential data breaches.
REvil has been responsible for numerous high-profile cyber-attacks worldwide, including against celebrities and corporations such as Sony and HBO. Those responsible for these attacks could access sensitive information by exploiting vulnerable software systems and databases.
To take REvil down, the FSB conducted extensive investigations into their activities and recruited Russian law enforcement agencies, computer security firms, and hackers. They aimed to find those responsible for these attacks and collect evidence that would enable them to take legal action against them.
This operation also serves as an example of cooperation between different countries around cybersecurity issues which need international resolutions if they will be effectively addressed. Although some issues like election interference remain unsolved or have yet to be resolved in a unified way, actions like this offer hope for future collaboration between nations on cyber-crime challenges that cannot be solved unilaterally by any particular country or group of countries alone.
