REvil Hacker Group Arrests Cause Panic in Cybercriminal Community

Recent arrests of members of the REvil hacker group have sparked widespread discussion on hacker forums. Analysts from Trustwave SpiderLabs studied conversations in the Russian-speaking darknet and concluded that many criminals are alarmed by these events.

In mid-January 2022, the FSB announced the arrest of 14 people connected to REvil. Searches were conducted at 25 addresses in Moscow, St. Petersburg, Leningrad, and Lipetsk regions. Authorities seized more than 426 million rubles (including cryptocurrency), $600,000, €500,000, as well as computer equipment, crypto wallets used for criminal activities, and 20 luxury cars purchased with illicit funds.

It was also reported that the operation was initiated following a request from U.S. authorities.

Growing Anxiety in the Cybercriminal Underground

Trustwave experts note that the first signs of nervousness among hackers appeared as early as November 2021, when rumors surfaced about secret negotiations between the FBI and FSB. Even before the REvil arrests, some criminals suspected that Russia could no longer be considered a “safe haven.”

After the arrests, anxiety only increased. For example, one user wrote that the administrator of the underground forum Ramp, known as RED\KAJIT, has now disappeared without a trace and may have previously cooperated with law enforcement, working “against ordinary workers.”

Many forum participants are now sharing advice on how to protect themselves if Russian law enforcement continues its crackdown on cybercrime. Tips range from using Tor (to maintain anonymity), deleting old messages, and using encryption, to avoiding storing all stolen data on a single device.

Security Concerns and Criticism of REvil

The large number of cameras mentioned in the screenshot above refers to the fact that some criminals visit banks or ATMs to withdraw cash, where they may be under surveillance.

Many also criticize REvil’s actions, which led to the group’s downfall, and urge others not to repeat such behavior. A widely held view in the criminal underground is that REvil’s biggest mistake was boasting about its achievements and attacking multi-billion-dollar corporations in countries that could pressure the Russian government to take action.

“They should have thought before targeting and encrypting multi-billion-dollar companies, schools, and governments. Who were they trying to compete with?” wrote one participant in the discussion.

Speculation About the FSB Operation

Interestingly, many criminals suspect that the FSB operation was merely a “show” for the West and that the arrested individuals will not face serious consequences. One possible reason for such a staged event, they say, is Russia’s desire to “appease the U.S.” and avoid further economic sanctions.

Researchers conclude that they have never seen such a volume of comments and such anxiety in the cybercriminal community before. However, it is possible that the REvil arrests will primarily disrupt the activities of small and “noisy” criminals, but will not seriously affect the operations of “professional” and “quiet” groups.
