Ransomware operations by the MacBook Pro design hackers REvil have been shut down, according to a statement by Russian authorities today, with all remaining members arrested.

It follows an arrest and seizure of funds late last year, after the group unsuccessfully attempted to blackmail Apple.

Background

Ransomware groups usually break into systems in order to encrypt the data, then charge a ransom in order to provide the key. But REvil had a second revenue stream, as we explained last year.

They would obtain sensitive data and threaten to sell it to rivals, or make it public, unless the company paid a ransom.

One attack successfully infiltrated systems belonging to Quanta Computer, a key Apple supplier that makes both Macs and Apple Watches. REvil obtained schematics that revealed key details of the upcoming MacBook Pro designs more than six months before they were launched by Apple.

REvil first attempted to blackmail Quanta, and when that wasn’t successful, attempted to do the same to Apple. Neither company paid the ransom, and so the group did as it had threatened and made the drawings public. The accuracy of these was confirmed when the new machines were launched.

A multinational law enforcement force managed to successfully use one of the group’s own attack methods against it. They subsequently arrested one member and seized more than $6M. However, other members of the group remained active.

MacBook Pro design hackers shut down

The Russian security service FSB now says that the arrest of the alleged leader led to information allowing them to completely shut down REvil operations, with all 14 remaining members arrested.

The Federal Security Service of the Russian Federation in cooperation with the Investigation Department of the Ministry of Internal Affairs of Russia in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions suppressed the illegal activities of members of an organized criminal community.

The search activities were based on the appeal of the US competent authorities, who reported on the leader of the criminal community and his involvement in encroaching on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption.

The FSB of Russia established the full composition of the criminal community “REvil” and the involvement of its members in the illegal circulation of means of payment, and documented illegal activities […]

As a result of a complex of coordinated investigative and operational-search measures in 25 addresses at the locations of 14 members of an organized criminal community, funds were seized: over 426 million rubles, including in cryptocurrency, 600 thousand US dollars, 500 thousand euros, as well as computer equipment, crypto wallets used to commit crimes, 20 premium cars purchased with money obtained from crime.

The detained members of the organized criminal community were charged with committing crimes under Part 2 of Art. 187 “Illegal turnover of means of payments” of the Criminal Code of Russia.

As a result of joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized.

US law enforcement agencies have been advised of the arrests.

Photo: Sky News

About the Author

Ben Lovejoy