
Russia pins down ransomware group REvil

Agence France-Presse (AFP) reported that members of the ransomware group responsible for the Kaseya attack last year were arrested by Russian officials “as per the request” of the United States government.

Kaseya is a US software firm servicing different industries. REvil’s attack on the company was reported on July 2 and affected 1,500 businesses in at least 17 countries.

In May 2021, cybersecurity solutions firm Kaspersky reported the reemergence of REvil after a period of inactivity. The group also goes by the names Sodinokibi and Sodin. Its attacks have targeted MSPs (managed service providers) and the engineering and manufacturing, finance, professional and consumer services, legal, IT and telecommunications, and food and beverage industries.


According to a Reuters report, the REvil group is also behind the attack on Colonial Pipeline, which caused gas shortages on the US East Coast. The ransomware group developed the encryption software called DarkSide used in the attack.

News reports say that Russia’s Federal Security Service and the police seized 426 million roubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars during the raid, in which 14 suspects were arrested.