Responsible for the attacks on Colonial Pipeline, JBS, or Kaseya in 2021, REvil had become the U.S. government’s priority target, as part of the new U.S. doctrine against ransomware targeting critical infrastructure that is now treated as a priority on par with terrorist attacks.
The U.S. managed to take REvil’s servers offline twice, in the summer and autumn of 2021. The FBI, Europol, and Eurojust then arrested seven members of the ransomware gang in the United States, Romania, South Korea, and Kuwait. U.S. President Joe Biden also urged his Russian counterpart Vladimir Putin to step up action against cybercriminals on Russian soil.
On 14 January 2022, at the request of the American secret services, the FSB (Federal Security Service of the Russian Federation) carried out a large-scale operation against the REvil members.
In a statement, the FSB said it had made 14 arrests (after searching 25 addresses in Moscow, St Petersburg, and Lipetsk) and seized 500,000 euros, 426 million roubles (about 4.9 million euros), 600,000 dollars (about 525,000 euros), 20 luxury cars and computer equipment.
The FSB states that REvil has thus been “neutralised”. However, as Russian law prevents the extradition of Russian nationals, none of the arrested Russian hackers will be tried in the U.S.