Share this article
Russian Authorities Say They’ve Dismantled REvil Ransomware Group at US Request
The FSB raided 25 residences, seizing approximately $6.8 million in various currencies including cryptocurrencies.
Updated May 11, 2023, 6:34 p.m. Published Jan 18, 2022, 7:52 p.m.
Russia’s top domestic intelligence agency says REvil – the Russia-based ransomware gang tied to the Colonial Pipeline attack – has “ceased to exist” after the agency arrested 14 alleged members of the criminal organization last week.
The Federal Security Service (FSB) raided 25 residences tied to REvil, seizing approximately $6.8 million in various currencies – including cryptocurrencies. The FSB also seized computer equipment, crypto wallets “that were used to perpetrate crimes” and 20 luxury cars, according to a Jan. 14 press release.
STORY CONTINUES BELOW
The FSB said the arrests were carried out at the request of “US authorities.”
U.S. President Joe Biden has been pressing Russian authorities to act against REvil and other Russian cyber criminals since last summer, when REvil demanded $70 million in bitcoin payments after hacking Miami-based software provider Kaseya. Russia has been slow to take action. Last week’s arrests are the first time – at least publicly – that Russian authorities have acted against one of the many ransomware groups based in Russia.
It is also the first time in years that U.S. and Russian intelligence agencies teamed up on a cyber crime operation. A few observers of U.S.-Russian relations have highlighted that the timing of the arrests coincides with Russia’s escalating efforts to invade Ukraine.
A White House official speaking on the condition of anonymity told reporters last Friday that the U.S. did not consider the arrests to be related to the ongoing events in Ukraine.
Russia’s motives for tackling REvil aside, the arrests are part of an uptick in global collaboration against ransomware gangs. Last year, Romanian, Kuwaiti and South Korean authorities independently arrested suspected members of REvil-affiliated hacking groups.
The momentum has continued into this year.
On Jan. 17, Europol announced that it had seized 15 servers belonging to VPNLab.net, a virtual private network provider that catered to cyber criminals and ransomware gangs, rendering the company’s virtual private network (VPN) services inoperable.
UPDATE (January 25, 2022, 4:26 UTC): Updates information that REvil demanded $70 million in ransom.
Plus pour vous
Ce qu'il:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Plus pour vous
State of Crypto: Wrapping Up the Month
Congress continues to make progress on crypto issues but things are moving slowly.
Top Stories
