Last Friday, 14 members of the ransomware group known as REvil were arrested by Russian authorities at the request of the United States[1]. One of those arrested has been identified by U.S. officials as partially responsible for the Colonial Pipeline attack in May of 2021[2]. REvil has carried out numerous cyberattacks since its inception in 2019[3], among them the attacks on the American software company Kaseya[4] and the Brazil-based meat processor JBS[5]. This appears to be the first major case in which Russia has cracked down on a domestic cybercrime group for attacks on international organizations.
These arrests matter both for security and for politics. They likely mean fewer attacks from this group, and those that do occur may be less severe than those it conducted in the past. In addition, they set a precedent for cooperation between the United States and Russia against cybersecurity threats in the future. Whether this kind of diplomatic relationship can or will be maintained is something we will have to observe over the coming months and years.
Although the arrests are big news, it is unlikely that this is the end of REvil's attacks. Russian authorities have suggested that all (or at least most) of those arrested are not the masterminds behind the attacks but rather underlings[6]. Even if REvil is disbanded, the people primarily responsible for the organization's attacks will likely regroup under a new (or perhaps even the same) name and continue their operations. We will have to see whether Russian authorities continue to track down and arrest members of REvil, or whether they drop the case and consider it settled (at least for now).
This series of arrests comes at a time when political tensions are rising between Russia, Ukraine, and the United States, as Russian military forces have massed along the Ukrainian border (possibly in preparation for an invasion). It appears to be the only fruitful agreement between Russia and the U.S. so far, as other talks about peace for Ukraine have failed[7]. It is possible that the Russian government's cooperation in this case is related to these events.
The Russian government's action against this domestic hacker group has spawned some interesting discussion and gives us something in the cybersecurity space to watch as time passes. Whether cooperation between the United States and Russia continues, conflicts of interest arise (as they often do), or further events bring more information to light, there is a lot to keep an eye on.
- References
- [1] Dixon, R., & Nakashima, E. (2022, January 15). Russia arrests 14 alleged members of REvil ransomware gang, including hacker U.S. says conducted Colonial Pipeline attack. The Washington Post. Retrieved January 18, 2022, from https://www.washingtonpost.com/world/2022/01/14/russia-hacker-revil/
- [2] Miller, M. (2022, January 14). Russia arrests hacker in Colonial Pipeline attack, U.S. says. POLITICO. Retrieved January 18, 2022, from https://www.politico.com/news/2022/01/14/russia-colonial-pipeline-arrest-527166
- [3] Wikimedia Foundation. (2022, January 15). REvil. Wikipedia. Retrieved January 18, 2022, from https://en.wikipedia.org/wiki/REvil
- [4] Wikimedia Foundation. (2021, November 27). Kaseya VSA ransomware attack. Wikipedia. Retrieved January 18, 2022, from https://en.wikipedia.org/wiki/Kaseya_VSA_ransomware_attack
- [5] Wikimedia Foundation. (2021, September 25). JBS S.A. cyberattack. Wikipedia. Retrieved January 18, 2022, from https://en.wikipedia.org/wiki/JBS_S.A._cyberattack
- [6] Leyden, J. (2022, January 17). Celebrations over REvil ransomware arrests in Russia may be premature. The Daily Swig | Cybersecurity news and views. Retrieved January 18, 2022, from https://portswigger.net/daily-swig/celebrations-over-revil-ransomware-arrests-in-russia-may-be-premature
- [7] Kirby, P. (2022, January 14). Is Russia preparing to invade Ukraine? And other questions. BBC News. Retrieved January 18, 2022, from https://www.bbc.com/news/world-europe-56720589
It does seem to follow that as we all become more reliant on the online world, international cooperation to try and stamp out malicious actors becomes more important. The influence that foreign groups can have upon people of different countries is immense, and represents a weird departure from typical crime, which typically doesn't affect those outside of a regional area. I wonder how much of this is caused by increasing globalization (though I don't think it's much), or whether isolationist policies on the issue would be effective; it seems like working together is needed to prevent these types of things.
Another thing that struck me is how similar these new groups are to mob types of old, where higher-ups evade justice and underlings are cycled through prisons. The apparent return of organized crime in the digital age does make the stereotypes of hackers seem even more ludicrous, and is worrying in general.
Good post!
Hey,
Nice post!
This kind of incident happening in the world makes people realize how important cybersecurity is and spreads awareness about cybersecurity. I like the way you highlighted this incident, notifying about the arrest and explaining what REvil ransomware is and about their past, then correlating politics in this incident and talking about the Russia-US relationship, and then stating that this could continue because the arrested weren't the main masterminds and they could do this under a new name. This would encourage businesses to protect their data from these kinds of threats and secure their data properly.
I always find it so interesting and cool when hackers are actually able to be found and arrested! I feel like in this day and age I hear a lot more about scammers and people of that sort getting away with things than actually getting persecuted. It was always interesting to see the Russian authorities cooperating with the USA, especially now considering the political climate.
Hey, great post. I have heard of REvil's attempts at cyberhacking. In fact, they have made quite a name for themselves in the online world and community. I am glad that they were caught, as it might have made the world a little better place. Nonetheless, I am sure there are many organizations like these running and attacking around the world with little to no oversight. I wanted to ask what you think would be the most practical way of stopping these groups? What type of policies would need to be implemented to ensure that these groups are stopped for good?
Great post! This is a step in the right direction when it comes to tackling cyber attackers, because it does not benefit anyone if the countries do not come together to stop these attackers (unless the attackers are agents of the state). But I do hope this leads to more cooperation between countries to reduce the amount of cyber attacks.