“I think I’m worried about Russia’s false intentions [for conducting the REvil arrests] it’s very clear,” said John Hultquist, vice president of intelligence at the Mandiant security company. “But I think that’s still good news. The actors should have known that if you were harassing tens of thousands of people and stealing millions of dollars, you would not survive the sunset.”
This was not the first time suspected REvil members had been pursued by the police. In November, 22-year-old Ukrainian national Yaroslav Vasinskyi was arrested in Poland, accused of conspiracy against Kaseya. Vasinskyi allegedly misused Kaseya’s assets to deploy REvil code that spread the group’s ransomware through Kaseya’s networks, according to the Department of Justice. Yevgeniy Polyanin, a 28-year-old Russian man, was also accused of deploying ransomware for REvil (he is accused of making 3,000 threats) and had his $6.1 million fortune confiscated.
Law enforcement agencies around the world, including Ukraine’s, have been working together to crack down on ransomware. Since February 2021, Europol has arrested five hackers connected to REvil, and an estimated 17 countries have been conducting investigations. These include the US, UK, France, Germany, and Australia.
However, without Russia’s cooperation, government officials have been very limited in which criminals they can reach. After hitting its zenith, or nadir, with its most disruptive and devastating attacks in the summer of 2021, REvil was largely diminished after international law enforcement compromised its infrastructure. Other Russian groups, however, like the well-known DarkSide team and its successor BlackMatter, have continued to operate to this day.
“The big question, I think, is, does this represent a real change in Russia’s goal of tackling the problem, or has REvil been simply sacrificed to reduce the pressure on other countries?” says Brett Callow, an analyst at the Emsisoft antivirus company. “I doubt the latter.”
Callow and others emphasize that, although it will take time to learn more about the Russian government’s approach, seeing more criminals arrested should act as a deterrent. And in an affiliate-based business like the ransomware market, any disruption is meaningful.
“I agree that there must be some incentives other than ‘the US asked us well,’ but regardless, this will also damage the ransomware economy, in the short term,” said incident responder and former NSA hacker Jake Williams.
Meanwhile, several ransomware groups operating out of Russia remain active. The removal of REvil is a sign of progress, but more important is the Kremlin’s willingness to act against other criminal groups.