FBI seized $2.3 million in cryptocurrency from REvil ransomware affiliate

The FBI in August seized approximately $2.3 million worth of cryptocurrency from a hacker affiliated with the REvil ransomware gang, according to a court filing unsealed Tuesday.

The money seized was derived from payments to ransomware attacks involving REvil malware between April 2019 and June 2021 in the U.S. and elsewhere.  REvil affiliates generated some $200 million during that time from in ransom payments, according to the FBI. The attacks were allegedly carried out by Aleksandr Sikerin, who is charged with multiple counts of conspiracy and money laundering.

Bleeping Computer first reported on the court documents.

It’s unclear if the seizure is related to  the U.S. actions in November, in which officials seized $6 million in ransom payments from alleged Russian hacker Yevgeniy Polyanin. Authorities also arrested Yaroslav Vasinksyi, a 22-year-old Ukrainian national, when he was entering Poland. Vasinskyi is accused of involvement in the July REvil attack against Florida-based IT firm Kaseya. Kaseya estimated that the attack breached as many as 1500 of its clients.

“When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,” President Joe Biden said in a statement at the time. “That’s what we have done today.”

The FBI did not return multiple requests for comment from CyberScoop. Court documents do not connect Sikerin with any specific ransomware attacks.

REvil was one of the most popular strains of ransomware mentioned in ransomware-related activities in 2021 according to an October report from the Treasury Department. REvil’s extortion website went dark in July though experts suggest that members of the group may now be operating under the mantle BlackMatter. BlackMatter also claimed to be shutting down in early November due to pressure from law enforcement.