{"id":55917,"date":"2022-01-14T16:43:25","date_gmt":"2022-01-14T14:43:25","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=55917"},"modified":"2025-09-04T03:53:55","modified_gmt":"2025-09-04T00:53:55","slug":"fsb-says-it-dismantled-the-revil-hacker-group","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/fsb-says-it-dismantled-the-revil-hacker-group\/","title":{"rendered":"FSB says it dismantled the REvil hacker group"},"content":{"rendered":"<p>The Federal Security Service of the Russian Federation (FSB) said it has detained members of the hacker group REvil, which is behind the distribution of ransomware.<\/p>\n<p>Following searches at 25 addresses, 14 members of REvil were detained and authorities seized more than 426 million rubles, including cryptocurrency, $600,000 and \u20ac500,000, and 20 luxury cars. They also gained access to computers and crypto wallets linked to the group&#8217;s criminal activity.<\/p>\n<p>The arrest followed a request from U.S. authorities, who had reported on the &#8216;leader of the criminal network.&#8217; The FSB says it identified the full composition of the group and that it had ceased to exist, with the attackers&#8217; infrastructure also dismantled.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">14 January 2022 | 16:55<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>A video of the detention of the suspects appeared in the <a href=\"https:\/\/radiosputnik.ria.ru\/20220114\/khakery-1767877711.html\" title=\"https:\/\/radiosputnik.ria.ru\/20120114\/khakery-1767877711.html\">media<\/a>:<\/p>\n<figure class=\"wp-block-video\"><video controls src=\"https:\/\/u1f987.com\/wp-content\/uploads\/38.mp4\"><\/video><\/figure>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">14 January 2022 | 21:32<\/time><span 
class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>The court remanded REvil members Andrey Bessonov and Roman Muromsky in custody for two months.<\/p>\n<\/div>\n<\/div>\n<p>Experts say that REvil (also known as Sodinokibi) is one of the world&#8217;s largest hacker groups. It has often been linked to Russia.<\/p>\n<p>In October 2020 a REvil representative said that the hackers&#8217; annual earnings exceeded <a href=\"https:\/\/u1f987.com\/en\/news\/revil-ransomware-group-estimates-annual-income-at-over-100m\">$100 million<\/a>.\u00a0<\/p>\n<p>According to the FBI, in May 2021 the world&#8217;s largest meat-processing company, JBS, became a <a href=\"https:\/\/u1f987.com\/en\/news\/russian-hackers-suspected-in-attack-on-worlds-largest-meat-producer-jbs\">victim<\/a> of the group. It paid the hackers a ransom of <a href=\"https:\/\/u1f987.com\/en\/news\/jbs-paid-11-million-in-bitcoin-to-ransomware-operators\">$11 million in bitcoins<\/a>.\u00a0<\/p>\n<p>In July, REvil <a href=\"https:\/\/u1f987.com\/en\/news\/revil-hackers-breached-thousands-of-companies-and-demanded-a-70-million-ransom-in-bitcoin\">attacked<\/a> the American software developer Kaseya, affecting more than a thousand companies. The attackers demanded <a href=\"https:\/\/u1f987.com\/en\/news\/kaseya-the-american-software-maker-obtains-decryptor-key-without-paying-ransom\">$70 million in bitcoins<\/a> to decrypt the files. Later the company <a href=\"https:\/\/u1f987.com\/en\/news\/attacks-on-defi-projects-30-billion-rubles-for-a-sovereign-runet-and-other-cybersecurity-events\">said it had obtained a &#8216;universal decryptor key&#8217;<\/a> for the affected files without paying the ransom. 
<a href=\"https:\/\/u1f987.com\/en\/news\/attacks-on-defi-projects-30-billion-rubles-for-a-sovereign-runet-and-other-cybersecurity-events\">It emerged<\/a> that this key was initially obtained by the FBI.<\/p>\n<p>On the night of July 13, REvil&#8217;s dark-web sites <a href=\"https:\/\/u1f987.com\/en\/news\/revil-hacker-sites-vanish-from-the-dark-web\">went offline<\/a> abruptly.\u00a0<\/p>\n<p>At the time, some experts suggested that the sudden disappearance of the group from the dark web was linked to a telephone call between the presidents of the United States and Russia. In it, Joe Biden urged Vladimir Putin to curb ransomware attacks on American companies conducted from Russian soil.\u00a0<\/p>\n<p>Later, REvil attempted to resume operations, but in October the extortion sites <a href=\"https:\/\/u1f987.com\/en\/news\/revils-onion-domain-hack-knocks-its-sites-offline-again\">went offline again<\/a> after unknown actors took control of their payment portal and data-leak blog.<\/p>\n<p>In November, U.S. 
authorities imposed sanctions on Russian Evgeny Polyanin and Ukrainian Yaroslav Vasinsky, whom they accused of cooperating with REvil.<\/p>\n<p>In December it emerged that the FBI seized more than 39 BTC from the wallet of a Russian linked to the group.<\/p>\n<p>Follow ForkLog&#8217;s Bitcoin news on our <a href=\"\/\/telegram.me\/forklog\" target=\"\u201c_blank\u201d\" rel=\"\u201cnofollow\u201d noopener\">Telegram<\/a> \u2014 cryptocurrency news, rates and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Federal Security Service of the Russian Federation (FSB) said it has detained members of the REvil hacker group, behind the distribution of ransomware.<\/p>\n","protected":false},"author":1,"featured_media":55918,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,27],"class_list":["post-55917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-russia"],"aioseo_notices":[],"amp_enabled":true,"views":"25","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/55917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=55917"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/55917\/revisions"}],"predecessor-version":[{"id":55919,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/55917\/revi
sions\/55919"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/55918"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=55917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=55917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=55917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}