What Exactly Happened with REvil aka R Evil?


The 14th of January 2022 marked another strike in the world of cyberattacks and cybercrime. The biggest name in cybercrime, “REvil”, was taken completely offline, courtesy of the Russian secret service agency, the FSB.

It is often said in cyber circles, both publicly and privately, that Russia has over the past few years become a well-known safe haven for cybercriminals.

It has become a bit of an unwritten rule that Russian blackhats do not target Russian citizens or Russian companies, and instead focus their money-making attacks on the rest of the world (usually through means like ransomware).

But the recent developments have created a huge ruckus, adding to an already high-tension situation. A couple of days ago, REvil members had their homes raided, and stacks of cash were seized along with several crypto wallets, all totaling millions of dollars. As a result, 14 REvil members were arrested in total. Let us take a sneak peek into the affairs of REvil.

Who is REvil?

They are a group of cybercriminals suspected of being responsible for some of the biggest and most impactful ransomware attacks in the entire history of the internet.

Some of their greatest hits include:

  • Exfiltrating and leaking top-secret Apple schematics, 
  • Hacking US nuclear weapons contractors, 
  • The Colonial Pipeline hack,
  • The Kaseya ransomware attack in which the hackers claim to have ransomed a million computers.

This proves how lethal their presence was in the cyber world. It was as if they could effortlessly get hold of the data of even the big shots, and in the current situation this is indeed a matter that needs close attention, care and timely mitigation.

Will taking down REvil aka R-Evil have any real impact on cybercrime?

After all, REvil has been responsible for some of the major hacks in the history of cybercrime on a global level. Therefore, taking them out means large organizations can now breathe a sigh of relief. The reality, however, is that this action is largely symbolic: even before this takedown, REvil themselves had become largely irrelevant. After the monumental Kaseya ransomware attack, REvil disappeared. But they did spring up again a few months later.

The State Now

By disappearing, however, they lost a lot of credibility in the cybercriminal underworld, and their affiliates clearly weren’t happy about this. Some even reported that REvil refused to pay them and just ran away with their cut of the spoils. Things were so bad for REvil that this previously famous and respected cybercrime gang was forced to increase the share of commission they offered in a bid to attract affiliates at all. (Affiliates are the ones who spread ransomware on behalf of a cybercrime gang. Usually, affiliates get 70 to 80% of the takings, but REvil had gone so far as to offer 90%.)

At the time of the Russian raids a few days ago, REvil was no longer even operating. Sure, the arrests of the 14 REvil members take some experienced cybercriminals off the internet.

Yet there is a question that we still need to address. Can you say that the internet is now safer from ransomware today than it was yesterday?


Rumais is a certified ethical hacker and shows a keen interest in matters of information security. He focuses on pentesting and its possibilities in cyberspace.

Rumais, Cybersecurity Enthusiast
