According to the FSB, Russia’s Federal Security Bureau (ФСБ), the ransomware gang known in both Russian and English by the nickname “REvil” has been taken down:
ФСБ России установлен полный состав преступного сообщества «REvil»
The Russian FSB has identified the entire criminal enterprise known as “REvil”
In our zest to tell you what we’re told happened, we’re admittedly relying on automated translation of the report, but as far as we can tell, the FSB claims that the investigation has led to:
- Police raids on 25 addresses in at least Moscow, St Petersburg, Moscow, Leningrad and Lipetsk.
- Numerous arrests. Up to 14 individuals were implicated, but the report doesn’t say how many were actually taken into custody.
- More than US$5,000,000 confiscated in the form of rubles and cryptocoins.
- US$600,000 and EUR500,000 seized in cash.
- 20 fancy motors towed away on the grounds that they were “purchased with the proceeds of crime”.
The US connection
The FSB report explicitly mentions that the investigation and the raid were initiated by a request received from US law enforcement, which had apparently identified the REvil ringleader and provided evidence of the gang’s involvement in criminal extortion against US victims.
The FSB also offers a bullish conclusion, claiming that as a result of the raid “this cybergang ceased to exist, and its criminal infrastructure was neutralised”.
We hope that’s true, and that the core of the REvil ransomware-as-a-service operation really is now out of action…
…but the real problem with contemporary cybercrime is that [a] there are many ransomware gangs still operating, albeit now with less impunity than before, and [b] there are many other sorts of cybercrime.
Spammers, scammers, spyware pushers, phishers, password stealers, money launderers, fake support callers, and any number of other cybercrime perpetrators are still out there, and many of these will probably not be affected by this raid at all.
What to do?
So, despite this welcome news:
- Remember that prevention is better than cure.
- Don’t let your guard down.
- Patch early, patch often.
- Encourage your users to report suspicious online activity.
And, while you’re about it, why not read the advice from our latest State of Ransomware report?