Russia’s FSB Takes Down REvil Cyber Gang in an Unprecedented Series of Raids

Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made with millions in cash and goods being confiscated by authorities.

This unprecedented action by the Russian Federal Security Service aligns with the fear we observed while conducting reconnaissance of cybercriminal chatter on the Dark Web.

Back in November 2021, cybercriminals on the Dark Web indicated that they believed secret negotiations on cybercrime were taking place between the Russian Federation and the United States, and urged each other to prepare for potentially serious actions from Russia, according to Trustwave SpiderLabs' research.

The FSB's activity would appear to confirm these fears, as the Russian agency stated the arrests were conducted at the behest of the United States government. Although the U.S. government has not commented on this activity, the two governments did meet in June 2021 to discuss the issue of ransomware attacks.

The FSB's move is only the latest to strike REvil.

The ransomware gang has been under pressure from the Russian, Ukrainian and U.S. governments since last summer, when President Joe Biden specifically called out Russian President Vladimir Putin in July 2021 following the Kaseya VSA attacks – a mass-scale ransomware campaign that was attributed to REvil. In a phone call with Putin, Biden demanded that the Russian government take action against ransomware gangs operating inside Russia.

Several days after this conversation, the REvil gang began to disappear from the Internet (before briefly reappearing and then seemingly shutting down in October), and further arrests were made through collaboration between several international law enforcement agencies.

Only time will tell if REvil resources will reemerge in another form, as we've seen with other ransomware groups many times in the past.

In Friday's action, the Russian FSB and police raided 25 addresses, detaining 14 people, the FSB said, listing assets it had seized, including 426 million rubles (about $5.6 million), as well as more than $600,000 in U.S. cash, and another 500,000 euros, computer equipment and 20 luxury cars, Reuters reported.

REvil's method of operation combined encrypting a target's database with ransomware and exfiltrating its data. The gang then used the stolen data to blackmail the victim into paying the ransom: if the organization refused to pay, the gang threatened to make the sensitive information it had taken public.
