Four members of the Russian gang behind the REvil ransomware were arrested in Russia at the request of U.S. officials on Thursday. The arrests were made on charges of wire fraud, conspiracy to commit wire fraud, and computer intrusion after an investigation by the U.S. Department of Justice (DOJ). The operation also received assistance from law enforcement agencies in Germany, France, Croatia, Lithuania, and Estonia.
In what is being hailed as an unprecedented move, Russian officials have arrested members of the cybercrime gang responsible for distributing REvil ransomware globally. The arrests come after an extensive investigation led by the U.S. Federal Bureau of Investigation (FBI) and Department of Justice (DOJ).
With REvil malware alone, victims were threatened that the cost of retrieving their data would increase by $200 USD if they failed to pay the ransom within 72 hours. As a result, most victims never regained access to their data because they could not afford to pay this price even once for what would likely be hundreds or thousands of dollars worth of lost data files.
The gang’s activity
The three-man gang sold the ransomware kit through an online forum and created a slick website to help persuade people to buy it. They exploited security loopholes, like the MS17-010 vulnerability that Microsoft patched back in March 2017, so their target victims wouldn’t know they were infected and wouldn’t pay them. The three men operated independently of each other and used fake identities for their transactions. One person advertised on social media; another handled credit card payments; and the third, known as Moca Alexander, collected the money and sent it to his partners by Western Union. REvil uses a multilingual interface with text in French, English, Spanish and Portuguese so that potential customers are convinced they are dealing with a legitimate operation.
The demand for extradition
The Russian Interior Ministry announced last week that it has arrested the head of the REvil ransomware gang to assist with an ongoing investigation. This ransomware variant is often distributed through spam messages with links to malicious websites, which use social engineering tactics to trick users into opening a fake PDF file containing REvil’s payload. The U.S. Department of Justice issued a request for extradition to the Russian authorities after being unable to locate this suspect on its own, and it would seek his trial as soon as possible for violations of federal law in connection with conspiracy, unauthorized computer access and wire fraud. In this blog post, we will explore these charges in more detail and what they could mean for him if convicted.
A gang of Russian hackers and their accomplices have been arrested for allegedly using ransomware to extort millions from companies and individuals around the world. The arrests were made at the request of United States officials, who had been investigating the REvil gang for nearly two years and finally obtained a U.S. indictment against them this month.
Alexey Pichov was one of those arrested, as was his accomplice Arkadiy Dubovoy, who is wanted by Europol on charges related to denial-of-service attacks. While being investigated in relation to cybercrime charges, they were also subject to extortion demands that they used against a number of victims in the US, Canada, France, Germany and Poland.
Comment from cybercrime expert
Ransomware is a type of malware that restricts access to the computer system and its data, demanding a ransom (often paid in cryptocurrency) to release it.