“I think the concern that Russia has ulterior motives [for conducting the REvil arrests] is completely plausible,” said John Hultquist, vice president of threat intelligence at security firm Mandiant. “It’s basically a feather in their cap, and you can definitely be cynical about it and think it’s all signaling. But I think it’s still good news in the end. Actors need to know that if you’re harassing thousands of people and stealing hundreds of millions of dollars, you can’t ride off into the sunset.”
This isn’t the first time an alleged REvil member has faced enforcement action. In November, the US Justice Department announced that 22-year-old Ukrainian national Yaroslav Vasinskyi had been arrested in Poland, accused of carrying out the Kaseya attack. Vasinskyi allegedly abused Kaseya’s VSA remote-management software to deploy REvil code, pushing the group’s ransomware out to Kaseya’s customers. The same indictment also charged Yevgeniy Polyanin, a 28-year-old Russian national, with deploying REvil’s ransomware (he is accused of roughly 3,000 ransomware attacks), and the Justice Department seized $6.1 million of his assets.
Law enforcement agencies around the world, including in Ukraine, are increasingly cooperating against ransomware attackers. Europol said in November that it had arrested five hackers linked to REvil since February 2021, and that 17 countries had taken part in the investigations, including the US, UK, France, Germany and Australia.
Without Russian cooperation, however, officials run into hard limits on which gangs they can effectively target. After peaking (or hitting a nadir, depending on your perspective) in the summer of 2021 with a string of high-profile and destructive attacks, REvil took its own infrastructure offline. But other Russia-based groups, such as the notorious DarkSide gang and its successor BlackMatter, continue to operate, at least for now.
“I guess the big question is, does this represent a real shift in Russia’s intentions in dealing with this issue, or is REvil just sacrificed to relieve some international pressure?” said Brett Callow, a threat analyst at antivirus firm Emsisoft. “I suspect the latter.”
Still, Callow and others emphasized that while it will take time to learn more about the Russian government’s motives, seeing so many REvil operators arrested should have some deterrent effect. And in an interconnected industry like the ransomware market, every disruption counts.
“I agree that there are certainly other motives besides ‘the United States is demanding it of us,’ but in any case, this will further disrupt the ransomware economy, at least in the short term,” says Jake Williams, an incident responder and former NSA hacker.
In the long run, though, numerous ransomware groups operating out of Russia remain very active. The REvil arrests are a sign of progress, but what really matters is whether the Kremlin has any interest in going after the other gangs.