REvil Ransomware Arrests: Russia Apprehends Alleged Colonial Pipeline Hacker
Russian authorities have arrested alleged REvil ransomware group members and taken down the malware group’s infrastructure, according to a statement from the Federal Security Service of the Russian Federation. That particular hacker group in 2021 allegedly launched ransomware attacks against Colonial Pipeline and Kaseya, among other targets.
According to Russian officials:
- Funds were seized at 25 addresses at the places of residence of 14 members of the organized criminal community.
- Items seized included over 426 million rubles, including in cryptocurrency, $600,000 in U.S. dollars, 500,000 euros, as well as computer equipment, crypto wallets used to commit crimes, and 20 premium cars purchased with money obtained from crime.
- The detained members were charged with committing crimes under Part 2 of Art. 187 “Illegal circulation of means of payment” of the Criminal Code of Russia.
U.S. Senior Administration Official: Russia Arrested Colonial Pipeline Hacker
In response to the arrests, the White House held a background cybersecurity press call for the media. According to a senior administration official on the call:
- President Biden and President Putin set up a White House-Kremlin Experts Group on ransomware in June 2021.
- The U.S. and Russia have been sharing information through this channel, including information related to attacks on American critical infrastructure.
- One of the individuals arrested was responsible for the Colonial Pipeline ransomware attack.
- The White House expects Russia to pursue legal action “within its own system against these criminals for the crimes that they have created — that they have done.”
Cyberattacks Target Ukraine
The apparent cyber diplomacy between Russia and the United States comes at a particularly touchy time. Indeed, the U.S. is closely monitoring cyberattacks against Ukraine, which may be a precursor to alleged Russian plans to invade that country. Russia has denied any role in the Ukraine-targeted cyberattacks.