OSINT on REvil

Community Feature - @SttyK

Curated Intelligence's OSINT Ninja - Sh1ttyKids - has shared a collection of geolocation reports related to the REvil ransomware gang. On 14 January, the Russian FSB issued a press release following the takedown of the REvil ransomware gang. After the press release, the identities of several REvil members were publicly disclosed. In the FSB's video, the home addresses of the REvil members were shown during the raids.


The arrest of REvil members on Russian soil is an unprecedented turning point in the fight against ransomware. The reaction on the Russian cybercriminal underground forums has so far been one of betrayal and fear. Ransomware has gone unchecked for years. Groups like EvilCorp have publicly flaunted their wealth on social media and on the streets of Moscow. This makes it virtually impossible to believe that the FSB had no knowledge of these ransomware groups, opting instead to let them operate openly as long as they only target America.

Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content, let us know!