White House: REvil Arrests Include Alleged Colonial Pipeline Culprit
One of the individuals arrested in Russia in connection with the REvil ransomware group is believed to be responsible for the May 2021 ransomware attack against Colonial Pipeline. That attack temporarily led to fuel shortages in parts of the US.
International cooperation is critical to prosecution having any impact at all, but politics still gets in the way. I don’t think there has been any meaningful progress on international cybersecurity laws since 2001 or so. The UN Governmental Group of Experts met and issued reports in this area every few years; nothing since then, I don’t think. Maybe the pandemic spirit of international cooperation will carry over to cybersecurity.
There was a lot of political pressure to find those behind the Colonial Pipeline attack, as well as pressure from Russia that cooperation was contingent on the US not reacting to their activities in Ukraine, as well as Russia not wanting to acknowledge they had ransomware groups actively operating in their country. This makes international cooperation tricky and non-trivial. One hopes we would have moved beyond this, as it also allows operators more room to operate and maneuver without recrimination.
Read more in
Washington Post: Russia arrests 14 alleged members of REvil ransomware gang, including hacker U.S. says conducted Colonial Pipeline attack
ZDNet: White House confirms person behind Colonial Pipeline ransomware attack nabbed during Russian REvil raid
Politico: Russia arrests hacker in Colonial Pipeline attack, U.S. says