Russia has announced it has dismantled the prominent hacking group REvil, which carried out a high-profile attack last year on US software firm Kaseya.
Russia's Federal Security Service (FSB) said in a statement that it had "suppressed the illegal activities" of members of the group during raids on 25 addresses that swept up 14 people. The searches were carried out following an "appeal from the relevant US authorities".
Cybersecurity companies have welcomed the news. Joseph Carson, Chief Security Scientist and Advisory CISO at ThycoticCentrify says: REvil are a well-known ransomware gang that has caused havoc for many organisations around the world so it is unsurprising that they would be a target. Many hackers around the world are using their skills for good and this includes government hackers who work vigorously to defend society from cybercrime, so targeting REvil will likely be a statement that governments will work together to stop cybercriminals at the source.”
Bert Steppé, Senior Researcher, Tactical Defence, F-Secure: "This operation is a positive development for international collaboration, and I hope to see this happening more often. This is how we can defeat well organized cybercrime groups such as REvil."
In May 2021, REvil hacked major meat supplier JBS, encrypting its computers and convincing the company to pay $11 million in exchange for a promise to not leak its files to an extortion blog it kept on the dark web. Over the Fourth of July weekend, the group hacked the software company Kaseya, using its connectivity to the larger internet ecosystem to infect more than 1,500 organisations around the world.
In recent months, REvil also claimed hacks of renewable energy supplier Invenergy, PC maker Acer and Apple supplier Quanta Computer. According to data from cybersecurity firm Check Point, it saw 15 attacks carried out by REvil per week over the last two months of 2021.