WASHINGTON -- The United States has welcomed Russia’s move to arrest alleged members of a notorious hacking group, including the individual suspected of being behind last year's ransomware attack on a U.S. pipeline operator.
“We're pleased with these initial actions,” a senior administration official said on January 14, adding the United States expects Russia to prosecute the alleged hackers.
Russia's Federal Security Service (FSB) earlier in the day announced it had arrested 14 suspected members of Sodinokibi/REvil at the request of the United States.
The suspects were apprehended in Moscow, St. Petersburg, and other regions through a joint investigation by the FSB and the Interior Ministry.
One of the individuals arrested is alleged to have been behind the May ransomware attack against Colonial Pipeline, the senior U.S. administration official said.
The ransomware attack forced the company to preemptively shut down its pipeline, which stretches from Texas to New Jersey and delivers nearly half of the transport fuels for the Atlantic Coast, causing a temporary fuel shortage.
It helped propel cybersecurity to the top of the agenda of the summit a month later between U.S. President Joe Biden and Russian President Vladimir Putin in Geneva.
During the summit, Biden called on Putin to go after cybercriminals operating from inside Russia who target businesses around the world, especially in the United States, through ransomware attacks.
Russia-based hackers are believed to be behind a significant proportion of global ransomware attacks. However, the Kremlin has historically turned a blind eye to their activities as long as they don’t target domestic companies and individuals, experts say.
Biden and Putin agreed in June to set up a working group on cybersecurity.
The senior administration official said the United States has given Russia information on the alleged hackers through that working group channel.
Among the 14 individuals detained by the FSB were two hackers alleged to have been behind July’s ransomware attack on the Florida-based software firm Kaseya. That attack affected businesses around the world and may have prompted a call days later between Biden and Putin.
A Moscow court on January 14 moved to arrest the two alleged Kaseya hackers, Andrei Bessonov and Roman Muromsky, and hold them in pretrial detention.
Both Muromsky and Bessonov have been charged with the illegal use of currencies and placed in custody until March 13, according to a court spokesperson.
Overall, the FSB raided more than 25 locations tied to the 14 suspects and netted more than $5.6 million, including cryptocurrencies, as well as luxury cars and computer equipment.