Dark Web Intel: Cybercriminals Feared a REvil-like Takedown by Russia Back in Nov 2021

If you believe the news, and that's a completely separate conversation, the Russian Federal Security Service (FSB) has taken down the notorious REvil hacking group at the United States' request.

According to those reports, the Russian FSB and police raided 25 addresses associated with REvil members, detaining 14 people. The Russian FSB listed the assets it had seized, including 426 million rubles (about $5.6 million), more than $600,000 in U.S. cash, another 500,000 euros, computer equipment and 20 luxury cars.

"This unprecedented action from the Russian Federal Security Service (FSB) aligns with the fear that we've observed while conducting cybercriminal chatter reconnaissance on the Dark Web," said Ziv Mador, VP of Security Research on the elite SpiderLabs team at Trustwave -- a top managed detection and response provider credited with finding a mass voter database for sale on the Dark Web during the notorious 2020 presidential election.

"Cybercriminals on the Dark Web indicated back in November 2021 [link to research blog with quotes from Dark Web forums] that they believed there were secret negotiations on cybercrime between the Russian Federation and the United States and urged each other to prepare for potentially serious actions from Russia. Time will tell if REvil resources will reemerge in another form, as we've seen with other ransomware groups many times in the past," said Mador.

The ransomware gang, which was notably behind the Colonial Pipeline attack in May 2021, has been under pressure from the Russian, Ukrainian and U.S. governments since last summer, when President Joe Biden specifically called out Russian President Vladimir Putin in July 2021 following the 'last straw' Kaseya VSA attacks – a mass-scale ransomware campaign launched by REvil that affected thousands of organizations.

In a phone call to Putin, Biden demanded that the Russian government take action against ransomware gangs operating inside Russia.

It will be interesting to see if this REvil takedown is truly a step in the right direction against ransomware gangs or if it's simply a false flag for Russia's desire to invade Ukraine.

“Russia is laying the groundwork to have the option of fabricating a pretext for invasion, including through sabotage activities and information operations, by accusing Ukraine of preparing an imminent attack against Russian forces in eastern Ukraine,” a U.S. official told Shannon Vavra at The Daily Beast. “Russia has already prepositioned a group of operatives to conduct a false flag operation in eastern Ukraine.”

“Our information also indicates that Russian influence actors are already starting to fabricate Ukrainian provocations in state and social media to justify a Russian intervention and sow divisions in Ukraine,” the official said.
