U.S. confirms Russia arrested REvil ransomware hackers

  • Written by Axios
  • Published in Politics
Internet Party

Russia's security agency said Friday it arrested members of the Russia-based cyber gang REvil that was responsible for multiple massive ransomware attacks against U.S. companies last year.

The latest: A senior administration official confirmed on Friday afternoon that Russia informed the U.S. that it arrested the alleged hackers, including an individual responsible for the cyberattack that crippled the Colonial Pipeline.


What they're saying: "I want to be very clear: In our mind, this is not related to what's happening with Russia and Ukraine. I don't speak for the government's motives, but we're pleased with these initial actions," the official said on a call with reporters.

Between the lines: The Colonial Pipeline hack, which was the largest cyberattack on an oil infrastructure target in U.S. history, was originally attributed to the ransomware gang DarkSide. The arrest of the alleged REvil member likely reflects the amorphous nature of these types of criminal groups.

Why it matters: Russia's Federal Security Service said the arrests were made based on an appeal from the United States, marking a rare occurrence of cybersecurity coordination between the two countries.

  • The security agency did not disclose specifically how many people were arrested, but said that it seized $600,000, 500,000 euros, 426 million rubles, computer equipment, crypto wallets that were used to commit cybercrimes and 20 cars purchased with illegally obtained money.
  • The U.S. does not have an extradition treaty with Russia, but the senior official said that the administration's "expectation" is that Russia will be "pursing legal action within its own system" to hold the suspects accountable.

The big picture: The news of the arrests came as a surprise to many...

Read more from our friends at Axios