REvil Ransomware Group Dismantled by Russia at US Request

The arrests were a rare apparent demonstration of US-Russian collaboration at a time of high tensions between the two over Ukraine.

By Reuters | Updated: 17 January 2022 13:08 IST
Highlights
  • The United States welcomed the arrests
  • Cyberattack on the Colonial Pipeline led to widespread gas shortages
  • Russia told Washington directly of moves it had taken against the group


Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group's members, the FSB domestic intelligence service said on Friday.

The arrests were a rare apparent demonstration of US-Russian collaboration at a time of high tensions between the two over Ukraine. The announcement came as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related.

The United States welcomed the arrests, according to a senior administration official, adding "we understand that one of the individuals who was arrested today was responsible for attack against Colonial Pipeline last spring."


A May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast used encryption software called DarkSide, which was developed by REvil associates.

A police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized including 426 million (roughly Rs. 40 crore), $600,000 (roughly Rs. 4 crore), 500,000, computer equipment and 20 luxury cars.


A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky could not be reached for comment and his phone was off. Reuters could not immediately reach Bessonov.

Two Muscovites told Reuters Muromsky was a web developer who had helped them with websites for their businesses.


Russia told Washington directly of the moves it had taken against the group, the FSB said. The US Embassy in Moscow said it could not immediately comment.

"The investigative measures were based on a request from the ... United States," the FSB said. "... The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised."


The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.

The group members have been charged and could face up to seven years in prison, the FSB said.

A source familiar with the case told Interfax the group's members with Russian citizenship would not be handed over to the United States.

The United States said in November it was offering a reward of up to $10 million (roughly Rs. 75 crore) for information leading to the identification or location of anyone holding a key position in the REvil group.

The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world's biggest meat packing company, JBS SA.

Washington has repeatedly accused the Russian state in the past of malicious activity on the internet, which Moscow denies.

REvil has not been associated with any major attacks for months.

John Shier, a threat researcher at the UK-based Sophos cybersecurity company, said there was no independent confirmation the self-identified leaders of the "defunct" group had been arrested.

"If nothing else, it serves as a warning to other criminals that operating out of Russia might not be the safe harbor they thought it was," he said.

'Normal programmer'

A former client of Muromsky who only gave the name Sergei described him as a regular worker who did not appear wealthy.

Sergei runs a shop called Motohansa selling motorcycle spare parts. Muromsky created its website and supported it for some time, charging him around RUB 15,000 (roughly Rs. 14,700) per month, he said.

"He is a smart person and I can imagine that if he wanted to do it (hacking) he could, but he charged very little money for his services. Several years ago he had a Rover car. That's not an expensive car at all," Sergei said.

Muromsky is in his thirties and was born in Anapa in Russia's south, he said. "He worked as a normal programmer."

Another client, Adam Guzuyev, described Muromsky as "a regular normal worker" who proved unable to install all the features Guzuyev wanted on his website.

"He earned no more than RUB 60,000 (roughly Rs. 60,000). I can't say he has genius abilities," he said, adding Muromsky spent three months working on his website.

© Thomson Reuters 2022

