Notorious Ransomware Gang Crushed by FBI in International Operation

REvil, a notorious Eastern-European cybersecurity gang that has been blamed for major attacks on global businesses, has recently been compromised by the FBI and others following an international police investigation.

The investigation led police to Poland, Romania, and Ukraine, where three alleged hackers were arrested in raids that took place both online and offline. The coordinated action was announced by Romanian police, Europol, and the US Department of Justice.

The beginning of the end for the group was when their “Happy Blog” website on the Dark Web was compromised by the FBI. REvil used this website for posting stolen data and extorting money from victims. After the website went offline, a REvil member with the username “0_neday” shared the news on a Russian hacking forum.

“They were looking for me,” ‘0_neday’ said.

“They deleted the path to my hidden service in the torrc file and raised their own so that I would go there.

“Good luck, everyone, I’m off.”

The police actions come after REvil was able to hack into systems belonging to Apple supplier Quanta Computer back in April. The group was able to obtain a number of engenering schematics of upcoming Apple products, but their ransom demands were denied both by Quanta Computer and Apple.

Once they failed to secure the ransom, REvil decided to release the schematics of the upcoming Macbook Pro, which were proven to be correct when the machine was released.

Some other significant REvil attacks this year included ransomware targeting the largest meat processor in the world, JBS SA, foreign exchange company Travelex, and software firm Kesaya, netting the hackers 100s of millions in ransom.

Among the arrested REvil members are Yevgeniy Polyanin from Russia, and Ukranian citizen Yaroslav Vasinskyi, who the US is looking to extradite for trial.

A virtual cryptocurrency exchange called Chatex was also accused of “facilitating financial transactions for ransomware actors.”

Since the start of the pandemic, ransomware attacks have surged massively, targeting both the public and private sectors, including schools and hospitals. Taking down one of the biggest cybercrime groups (REvil) is a huge step in the right direction and one of the few good news we’ve seen for cybersecurity recently.

However, with most ransomware groups operating out of Russia, where they are free of prosecution, the fight against ransomware is far from over.


Developing an effective response capability to ransomware requires taking specific steps for prevention, preparation, detection, verification, containment, eradication, and recovery. With LIFARS Ransomware Response Package, you will have the tools, processes, and team at your disposal to stand ready for even the most devious ransomware attack.