US 'welcomes' Russian arrests of REvil ransomware gang

The US said it "welcomes" news out of Russia on Friday that security forces there arrested hackers tied to the devastating REvil ransomware gang, officials in both countries confirmed.

"We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring," a senior Biden administration official said about an incident that caused gas shortages on the eastern coast of the US.

Russia's Federal Security Service, the FSB, announced the hackers' arrests. In addition to the pipeline hack, REvil was said to be behind the cyberattack on Kaseya over the Fourth of July holiday weekend last year that devastated over 1,000 businesses around the world including a Swedish supermarket chain.

A source told the Reuters news agency the group could also be tied to a cyberattack last year targeting Brazil-based meat processor JBS S.A.

What did the FSB do?

The FSB raided 25 addresses and arrested 14 hackers involved with REvil.

In the process, the FSB seized more than 426 million rubles ($5.6 million or €4.9 million) worth of cash, cryptocurrency, computers, and cars.

The REvil hackers arrested by the FSB have been charged with "illegal circulation of means of payment," and could face up to seven years in prison.

The Russian REN TV network aired footage of officers pushing suspects down and seizing piles of cash in dollars and rubles before carting them off during the raids.

While the FSB did not name those they arrested, a Moscow court named two of those charged as Roman Muromsky and Andrei Bessonov. Both were ordered to remain in custody for two months.

The FSB said the operation was carried out at the behest of US authorities who sought the arrest of the group's leader. It is the first such action since Russian leader Vladimir Putin and US President Joe Biden met last summer in Geneva.

ReEvil members have taken millions in ransom payments

When announcing charges against two REvil members in November of last year, US Attorney General Merrick Garland said that cyberattacks carried out by REvil have cost computer users worldwide a minimum of $200 million in ransom payments.

Though the Russian government claimed responsibility for dismantling the REvil ransomware gang, cybersecurity experts say the group effectively did so on its own last year. Members of the group moved on to new grifts and the arrests in no way signal a broader crackdown on hackers in Russia, those experts said.

The news comes the same day Ukrainian government websites were defaced and separately US officials warned Russia may stage a "false flag" incident as a pretext to invade of Ukraine.

While the US and the EU did not attribute Friday's cyberattack, Ukraine's Security Service, the SBU, said the initial findings of their investigation pointed to "hacker groups linked to Russia's intelligence services."

The events come at the end of a long week of intense diplomacy focused on Russia and Ukraine with Russia's Deputy Foreign Minister Sergey Ryabkov meeting with US Undersecretary of State Wendy Sherman in Geneva earlier in the week before continuing to Brussels to meet with NATO and the Organization for Security and Cooperation in Europe (OSCE).

ar/wd (AFP, AP, Reuters)