Russia’s FSB Takes Down REvil Cyber Gang in an Unprecedented Series of Raids

Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made with millions in cash and goods being confiscated by authorities.

This unprecedented action from the Russian Federal Security Service aligns with the fear we have observed while monitoring cybercriminal chatter on the Dark Web.

Cybercriminals on the Dark Web indicated back in November 2021 that they believed there were secret negotiations on cybercrime between the Russian Federation and the United States and urged each other to prepare for potentially serious actions from Russia, according to Trustwave SpiderLabs’ research. 

The FSB's activity would appear to confirm these fears, as the Russian agency stated the arrests were conducted at the behest of the United States government. Although the U.S. government has not commented on this activity, the two governments did meet in June 2021 to discuss the issue of ransomware attacks.

The FSB's move is only the latest to strike REvil.

The ransomware gang has been under pressure from the Russian, Ukrainian and U.S. governments since last summer, when President Joe Biden specifically called out Russian President Vladimir Putin in July 2021 following the Kaseya VSA attacks – a mass-scale ransomware campaign that was attributed to REvil. In a phone call with Putin, Biden demanded that the Russian government take action against ransomware gangs operating inside Russia.

Several days after this conversation, the REvil gang began to disappear from the Internet (before briefly reappearing and then seemingly shutting down in October), and further arrests were made through collaboration between several law enforcement agencies internationally.

Only time will tell if REvil resources will reemerge in another form, as we've seen with other ransomware groups many times in the past.

In Friday's action, the Russian FSB and police raided 25 addresses, detaining 14 people, the FSB said, listing assets it had seized, including 426 million rubles (about $5.6 million), as well as more than $600,000 in U.S. cash, and another 500,000 euros, computer equipment and 20 luxury cars, Reuters reported.

REvil's method of operation combined encrypting a target's data with ransomware and exfiltrating that data. The gang then used the stolen data to blackmail its victim into paying the ransom, threatening that if the organization refused to pay, the sensitive information it had taken would be made public.