Russian authorities take down REvil ransomware gang


Danny Palmer

Written by

Danny Palmer, Senior Reporter

Danny Palmer

Danny Palmer
Senior Reporter

Danny Palmer is a senior reporter at ZDNet. Based in London, he writes about issues including cybersecurity, hacking and malware threats.

Full Bio

on January 14, 2022

| Topic: Security

Inside a ransomware gang: Beware these aggressive tactics

Watch Now

Suspected members of the cyber criminal REvil ransomware gang have been detained and the group has been dismantled following raids by Russia’s Federal Security Service (FSB), Moscow has said. 

Joint action by the FSB and the Ministry of Internal Affairs of Russia was taken at 25 properties across several regions of Russia, including Moscow, St. Petersburg and Lipetsk, linked to 14 members of the REvil ransomware group.

According to a statement from the FSB, several member of REvil have been detained and charged. Computer equipment has been seized along with cryptocurrency and crypto wallets, as well as over 426 million rubles, $600,000 US dollars and Є500,000 in Euros. It said 20 luxury cars bought with money obtained from ransomware attacks has have also been seized.

SEE: A winning strategy for cybersecurity (ZDNet special report)    

The raids took place following requests from the United States, which has been a major victim of ransomware attacks by REvil.

Previous action has been taken against REvil, including suspected members being arrested in Romania and Ukraine, but the raids by the FSB is the first time Russian authorities have taken action against the group.

One of the most significant alleged REvil attacks targeted Kaseya, an IT solutions developer for MSPs and enterprise clients. REvil was also accused of being responsible for a major ransomware attack against food supplier JBS, which paid $11 million in Bitcoin to the attackers in exchange for the key required to decrypt the network.

Last year, the United States and other G7 countries warned Russia that it needed to take responsibility for ransomware and other cyber criminal groups operating within its borders. Ransomware has become one of the biggest cybersecurity issues facing the world today, with attacks against every sector resulting in disruption.

High-profile incidents have seen hospitals and healthcare services, energy suppliers and local governments hit with ransomware attacks, preventing people from being able to access vital services they need. 


Bosses are reluctant to spend money on cybersecurity. Then they get hackedRansomware gangs are now rich enough to buy zero-day flaws, say researchersThis company was hit with ransomware, but didn’t have to pay up. Here’s how they did itThe White House is having a big meeting about fighting ransomware. It didn’t invite RussiaHave we reached peak ransomware? How the internet’s biggest security problem has grown and what happens next

Security TV

Data Management


Data Centers