A Moscow court has ruled to arrest two men alleged to belong to the Sodinokibi/REvil ransomware group suspected of being behind last year’s ransomware attack on the Florida-based software firm Kaseya that affected businesses around the world.
The alleged hackers, identified as Andrei Bessonov and Roman Muromsky, were among 14 suspected members of Sodinokivi/REvil detained by Russia’s Federal Security Service (FSB) on January 14 at the request of the United States.
The suspects were apprehended in Moscow and St. Petersburg, as well as other regions, through a joint investigation by the FSB and the Interior Ministry.
Both Muromsky and Bessonov have been charged with the illegal use of currencies and placed in custody until March 13, according to a court spokesperson.
The FSB raids on more than 25 locations tied to the 14 suspects netted more than $5.6 million, including cryptocurrencies, as well as luxury cars and computer equipment.
The U.S. State Department had announced a reward of up to $10 million for information leading to the identification or location of anybody holding a leadership position in the Sodinokibi/REvil ransomware crime group.
The State Department also offered up to $5 million for information leading to the arrest and conviction in any country of any individual participating in Sodinokibi/REvil ransomware attacks.
REvil, a group of Russian-speaking hackers, has been blamed for a series of high-profile ransomware attacks in which hackers encrypt victims’ data and then demand cryptocurrency to regain access.
Ransomware has become a top priority for many governments around the world as the number and severity of cases has surged in recent years, impacting a wide array of industries from retail and food to health care and critical infrastructure.
According to the U.S. Treasury Department, ransomware payments in the United States so far have reached $590 million in the first half of 2021, compared to a total of $416 million in 2020.
Questions about the fate of the group emerged in July when webpages linked to REvil disappeared from the dark web, sparking speculation about whether the move was the result of a government-led action.