The Russia-based REvil gang has carried out numerous attacks on major global companies, including the July attack on software provider Kaseya and the attack last May on the world’s biggest meat processing business, JBS. Former REvil associates are also believed to be responsible for the May cyberattack on the Colonial Pipeline that led to gas shortages on the United States East Coast.
The arrests marked a rare positive moment in U.S.-Russia relations, after a flurry of diplomatic efforts in Europe this past week failed to deter Russia’s military buildup near Ukraine and persuade it to de-escalate.
President Biden asked for President Vladimir Putin’s cooperation to fight cyberattacks and ransomware when the two met in Geneva in June, but Friday’s arrests mark Russia’s first major operation to halt Russia-based ransomware attacks around the globe.
The FSB said United States law enforcement gave detailed information on the gang leader’s identity and criminal activities.
“The FSB of Russia established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and documented illegal activities,” according to an FSB statement.
A Justice Department complaint filed last month in the Northern District of Texas named Aleksander Sikerin, of St. Petersburg in Russia, as a member of the REvil gang. According to the complaint, U.S. law enforcement seized $2.3 million in cryptocurrency in August tied to ransomware attacks carried out by him.
The FSB arrests of REvil gang members sent a message of the benefits of cooperation with Russia, at the same time underscoring the potential costs to the United States if relations worsen.
Diplomatic efforts to ease the crisis over Ukraine appeared to founder Thursday. Russian officials said there was no point in continuing security talks, after United States and NATO officials ruled out Russia’s key demand that Ukraine, Georgia and other nations including Sweden and Finland, be barred from ever joining NATO.
Russian officials have threatened to cut all ties with Washington if the Biden administration carries out its threat to impose sweeping sanctions on Russia should it launch a new attack on Ukraine.
The REvil arrests also came as unknown hackers targeted Ukrainian government websites early Friday, blocking access and warning Internet users to “expect the worst.”
Viktor Zhora, deputy head of Ukraine’s state agency of special communication and information protection, said that “close to 70” federal and local government websites were attacked, many of which were swiftly restored.
Read more: