What’s the news?
Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group’s members, according to the FSB domestic intelligence service.
Tessian’s take from Paul Laudanski, Head of Threat Intelligence:
This is the first time in a while that the U.S. and Russia have cooperated on such an investigation, so hopefully it is an indication of relations warming up between the two countries.
Against the backdrop of geopolitical tensions between the Russian Federation and the U.S. concerning Ukraine and Russia’s talk surrounding sending troops to Latin America, the REvil takedown has certainly come out of the blue. But while the Russian Federation is asserting that the REvil infrastructure has been taken down, this likely does not mark the end of this group or its lucrative ransomware-as-a-service model. REvil sprouted up after the takedown of another group, GandCrab, and history has shown us that groups like REvil will resurface again – especially with its lucrative ransomware-as-a-service model. It may not be the same name, but the model and the technology will certainly return along with people associated with REvil.
I do not believe this is the end – REvil 2.0 will learn from this incident and prepare for its return or another incarnation.