Mikhail Golovachuk, another of those detained.  Reuters Photo

The Russian Federal Security Service (FSB) carried out a special operation against the hackers of the Russian group REvil, one of the most prolific cybercriminal gangs in the world, and considered it dismantled. By the end of 2020, the group had hacked into the Argentina.gob.ar site.

“Thanks to the joint actions of the FSB and the Russian Interior Ministry, the organized criminal group ceased to exist,” the entity reported, quoted by the Russian agency Interfax, noting that the agents “neutralized the computer infrastructure used for criminal purposes.”

According to the FSB, the United States, which asked Russia to act against the hackers, was informed of “the results of the operation” that neutralized the group, which is responsible for cyberattacks against American companies.

“The FSB identified the members of the REvil criminal group, established their involvement in the illegal flow of payments, and documented the illegal actions,” the FSB said.

The Russian operation led to the arrest of 14 members of the network, who were charged with “illegal use of means of payment”, a crime defined in the Russian Criminal Code.

426 million rubles (5.6 million dollars) were seized, along with $600,000, 500,000 euros, computer equipment and twenty luxury cars.

Last November, the US government imposed sanctions on a Russian and a Ukrainian, whom it accused of being behind cyberattacks against US companies, and offered a $10 million reward for information leading to the arrest of those involved in this network of hackers.

Washington accused the group of being behind the 2021 cyberattacks against meat company JBS Foods and software firm Kaseya, which provides services to more than 40,000 organizations worldwide.

According to the US, the group used “ransomware” against new US companies: a program capable of locking a computer from a remote location, hijacking its files and not releasing them until a ransom payment is received.

Since 2019, several large international corporations have been victims of serious cyberattacks with this ransomware, which led France, Germany and Romania, coordinated by Europol and Eurojust, to strengthen their operations by creating a joint investigation team in May 2021.

Argentina, Apple, Acer and more: some of the victims of REvil

REvil, one of the largest ransomware groups in the world.  Photo Bleeping Computer

On November 26, 2020, the same year that Argentina suffered a hack to its Migrations database, the Argentina.gob.ar site was hacked by REvil. Back then they had managed to hijack 50 GB of public information.

Revil: the ransomware that now affected Argentina.gob.ar

“You should contact us. If you don’t do it in a week, we’re going to publish all the data we downloaded from your site (50 GB of data),” Revil’s site explained at the time.

But Argentina was one of its many victims. Other organizations and companies had already fallen into their clutches.

In April of last year, REvil had managed to hack into a database and steal the latest Apple products.

At the time, the gang of cybercriminals published on their blog a “ransom note” (the extortion itself) stating that they had hacked Quanta Computer, a Taiwanese third-party provider that is associated with more than a dozen large American technology companies, such as Apple, Dell or Hewlett-Packard, among others.

Another company attacked had been Acer, in March of last year. REvil had asked it for $20 million in cryptocurrency to decrypt stolen information.

In November of last year, seven members of the group had already been arrested, together with the GandCrab gang.

Now, Russia appears to have completely dismantled it.
