Infamous Ransomware gang, REvil taken down by Russia

Image rights –

In what suspiciously looks like a political statement, Vladimir Putin has ordered the arrest of 14 members of the infamous gang, REvil. With tension and talks not currently being fruitful between Russia, NATO and the US about Ukraine, it seems this was a bit of a gift from Putin to the US Government. Tensions between Ukraine and Russia are at their highest in years, with a Russian troop build-up near the border with Ukraine, indicating, come kind of military invasion could be imminent. US intelligence findings have estimated that Russia could begin a military offensive in Ukraine “as soon as early 2022.”

On Friday the 14th of January 2022, officials from FSB and the Department of the Ministry of Internal Affairs seized computer equipment, 20 luxury cars, and more than $5.5 million in rubles and cryptocurrency. They also seized control of cryptocurrency wallets used by the REvil gang and recouped nearly $1.2 million in foreign cash.

The arrests took place in Moscow, St. Petersburg, and the Lipetsk region south of the Russian capital.

For many years, the infamous REvil criminal gang has attacked numerous high profile targets ruthlessly. In May 2021, the criminals, along with its affiliates, disrupted production at meat supplier JBS. In the process, they managed to secure a $11 million ransom payment. Then in July, it incapacitated thousands of businesses as it exploited a vulnerability in the update mechanism of IT software services company Kaseya. With REvil being based in the seemingly safe haven of Russia, their attacks have largely gone unpunished. It would appear that Ukraine conflict is a bigger issue than ransomware so they gang have been sacrificed by Russia as a bargaining chip in negotiations.

Reports from Russia, claim the FSB took action following requests from the United States. Back in August president Joe Biden told Vladimir Putin that he must take action against cybercriminals operating in Russia. Considering the many pleas from countries all over the world which have been made to Russia to stop their numerous hacking gangs, it seems unlikely that Putin suddenly decided to comply without an ulterior motive being in play.

Law enforcement agencies around the world, including in Ukraine, have increasingly been working together in efforts to tackle ransomware hackers. Since February 2021, Europol has arrested five hackers linked to REvil and says 17 countries have been working on its investigations. These include the US, UK, France, Germany, and Australia. This includes 22-year-old Ukrainian national Yaroslav Vasinskyi who was arrested in Poland and accused of conducting the Kaseya attack. Yevgeniy Polyanin, a 28-year-old Russian national, was also charged with deploying REvil’s ransomware. Polyanin is accused of conducting some 3,000 ransomware attacks and had $6.1 million of his assets seized in the process.

For now, several ransomware groups operating out of Russia remain highly active. The REvil takedown is a significant mark of progress, but it will be interesting to see if Vladimir Putin decides to pursue the other gangs as well, like the notorious DarkSide gang and its successor BlackMatter.


REvil (aka Sodinokibi) is a ransomware variant first detected in April 2019. Initial attacks focused on users in Asia, but REvil’s attacks have expanded to target entities globally, with increasingly more significant extortion demands with one of the most recent being $70M for Kaseya. Since then, the variant has been actively used in ransomware attacks targeting organizations worldwide across various sectors, including healthcare, legal services, technology, government, retail, and financial services.

Timeline of some REvil attacks:

Aug 2019: Vendor breached to spread ransomware to 22 Texas cities
Jan 2020: REvil release stolen victim data on forum threads, later replaced by the “Happy Blog” website, if the ransom was not paid.
April 2020: Widespread exploitation of COVID-19 pandemic to spread ransomware
May 2020: Purported breach and sale of Trump-related information, as well as multiple celebrities over the following months, likely resulting from breach of the GSMS law firm
Jun 2020: Researchers discovered the variant scanning for point-of-sale (PoS) software and leveraging Cobalt Strike to deliver the ransomware. REvil adds an auction page to “Happy Blog.”
Mar 2021: Harris Federation breach, which leads to shutdown of the network for weeks, breach of hardware and electronics manufacturer Acer
Apr 2021: Offered Apple schematics and other company data for sale after breaching hardware vendor Quanta
May 2021: Attack on JBS, which forced a shutdown of US beef plant operations and disrupted operations at poultry and pork plants
Jun 2021: Attack on Invenergy
Jul 2021: Attacks on US DoD contractor HX5 and Kaseya MSP

Further reading

Fish farm could make triathletes shark bait

Fish farm could make triathletes shark bait

Triathletes to become Shark Bait

Port Elizabeth – Plans to build a large fish farm along a popular coast stretch prompted concerns it could entice sharks, endangering tourists and Ironman triathletes.

Authorities in Port Elizabeth say the vast fishery, 2.5km off Hobie Beach, will create much needed jobs in the area.

However, having had sharks in the area over many years, a host of beachfront hoteliers, marine biologists and local councillors say the project would also certainly attract a large number of Great Whites and other sharks species.

Paul Woolfe, Director of Ironman South Africa told AFP that if the project goes ahead they will be forced to move the event to another city as it will simply be too dangerous to run in potentially shark infested water where their sharks will probably think all their Christmases have come at once with thousands of triathletes swimming off the beach.

great white shark

“One of many risks is that our athletes might be eaten by sharks, because the fish farm will lure bigger sharks to the bay that are not normally there,” Woolfe said.

In addition, the beach is a favourite training area for the triathletes preparing for the event.

Ironman SA had already been contacted by the cities of Cape Town and Durban about hosting the race which will be a huge financial boost to the cities.

Port Elizabeth could stand to lose around R88.6m in revenue if the race moved.

Port Elizabeth is currently set to host the annual Ironman African championship – a 3.8km swim followed by a 180km bike ride and a 42.2km marathon run – until 2016.

jumping great white shark

Jumping Great White Shark

The Department of Agriculture, Forestry and Fisheries has already granted authorisation for the fish farm to go ahead, however a petition has been launched to stop it.

Dean Biddulphs, a municipal councillor, said the farm was important for jobs but should be built on land and not utilise the ocean.

“If it’s land-based, it’s even more economical and cost effective,” he said, adding that there was land available nearby. Logically this makes sense but there is always a fight with common sense verses corruption.

great white shark

Trailer for the Final Hobbit Movie Is Ready for Battle

Trailer for the Final Hobbit Movie Is Ready for Battle

Welcome back, Bilbo

The final movie of the Hobbit series is The Battle of the Five Armies, Peter Jackson’s Tolkien adaptation is living up to its title with a suitably aggressive first teaser trailer, which premièred for a live audience at the resent Comic-Con over the weekend.

The Hobbit: The Battle of the Five Armies is due in theatres on Dec. 17, 2014

Motorbikes racing at 299km/h on a highway

Motorbikes racing at 299km/h on a highway

This is mental. This should of thing should be left on the track and not on public roads where innocent people are involved.

New EU data regulations 5 things your business needs to do

New EU data regulations 5 things your business needs to do

Recent events over the past couple of years, in particular the Snowden affair, have had a huge influence on privacy and our personal data. The European Union is set to dramatically change the regulations which govern what businesses can do with personal data and what rights you have to protect it.

Click here to read more

10 cloud-based security tools to protect your computer network

10 cloud-based security tools to protect your computer network

Believe it or not, it doesn’t matter what size you are when it comes to protecting your network. PLC or home user: Hackers will still want your information right now. If they don’t want your information then they want to use your computer to get someone else’s information and cover their tracks by using your little (or large) network.


You can read more here

Extreme Ironman – Scotland – City to summit

Extreme Ironman – Scotland – City to summit

Yep, it’s almost a year ago that I embarked on an extreme Ironman adventure in Scotland. In fact, it’s just one week to go before myself and two friends (Darren and Steve) travel once more up to Scotland to beast ourselves like no other experience.

city to summit

Click here to read more