Ken's Korner Newsletter, January 2022
Ransomware Update

In the Ken’s Korner Newsletter of June 2021, we discussed the scourge of ransomware. Here is an update on what is happening in the world of computer hackers.

It was reported in TechRadar (and by many other news agencies) that one of the most notorious cybercriminal groups has “ceased to exist”. Russian authorities announced that they have dismantled the infamous REvil ransomware gang.

The FSB searched twenty-five addresses, detained fourteen people and seized numerous assets. Those assets included $600,000, 500,000 euros, and 426 million roubles (around $5.5m at the current exchange rate). Authorities also confiscated twenty luxury cars and some unspecified computer equipment.

It is unclear how many of those people have actually been arrested. During a court hearing in Moscow, the Tverskoy District Court reported that two men, Andrei Bessonov and Roman Muromsky, had been “detained on suspicion of the illegal circulation of means of payment as a member of the REvil hacking group”. Those men could not be reached for comment. The US has repeatedly accused Russia of being involved with hackers. Russian officials, of course, deny such allegations. The United States does not have an extradition treaty with Russia.


According to reports, this action against REvil was undertaken at the behest of, and with information provided by, the United States. The details of that information have not been released. Last summer REvil went offline shortly after President Biden issued his ultimatum. That fueled speculation about their fate, including several popular theories:

  • The Kremlin had ordered them to go quiet.
  • The United States managed to disrupt their operations.
  • The group decided, on their own, to go underground because the heat had become so intense.

A few months later the group resurfaced by reactivating one of their payment portals and resumed operations under the name BlackMatter. A few months after that it was again forced offline temporarily by the counter-hacking activities of several governments, including the United States.

REvil was suspected in the Colonial Pipeline attack last May. They are also suspected of being behind the attack on JBS SA, the world’s largest meat packing company. Last November the US offered a reward of up to $10,000,000 for information leading to the identification or location of anyone holding a key position in the group.

Ordinarily this would be good news, and if true, it is great news. But, as with most things in Russia, there is little or no independent verification. Transparency within the Russian government is even rarer than in the US government. You can be sure that if an individual or group of cybercriminals is operating in Russia, or in one of its subject states, they are doing so with Vladimir Putin’s blessing. Did these people suddenly lose that blessing? If so, why?

Ukraine is currently grappling with a major cyber-attack. We don’t have many details on that, but the timing is suspicious. If the people at REvil stepped out of line on something, that would explain the crackdown. Or it could be that they have new jobs working directly for the Russian government and the story of their arrest is merely subterfuge. Will these people resurface in a few months operating under a new name? If history is any indication, the public reports are likely only a small part of the story.

We will see whether the Russian government or the FSB provides any further information about this action. For now, it looks like one of the most infamous cybercriminal groups is out of business.


In a world where you are caught between hackers who are bent on taking everything they see (even things they cannot see) and governments with hidden agendas, what can you do? Other than hope and prayer, you can keep your operating system and anti-malware software up to date. If all your precautions prove inadequate, your last option is to restore from backups.

And remember — always back it up!
