REvil gang member identified living luxury lifestyle in Russia, says German media

Die Zeit: He's got a Beemer, a Bitcoin watch and a swimming pool


German news outlets claim to have identified a member of the infamous REvil ransomware gang – who reportedly lives the life of Riley off his ill-gotten gains.

The gang member, nicknamed Nikolay K by Die Zeit newspaper and the Bayerische Rundfunk radio station, reportedly owns a €70,000 watch with a Bitcoin address engraved on its face and rents yachts for €1,300 a day whenever he goes on holiday.

"He seems to prefer T-shirts from Gucci, luxurious BMW sportscars and large sunglasses," reported Die Zeit, which partly identified him through social media videos posted by his wife.

"This video," said the newspaper regarding the €1,300/day yacht trip, "is from Antalya, on the south coast of Turkey, but others have come from a five-star hotel in Dubai, from the Crimean Peninsula, or even from the Maldives."

German police are said to be aware of the suspect's true identity and location, which is reportedly somewhere in southern Russia "in a house with a swimming pool" and with an expensive BMW parked outside. The report added that "Nikolay" might have detected the Western investigations against him, noting that his last holiday was to the Russian-occupied Crimean peninsula. If he travels to a country with a German extradition treaty police will attempt to remove him to their country, the newspaper added.

Emsisoft researcher Brett Callow told The Register the identification of "Nikolay" was a great thing, saying: "Ransomware gangs have had it easy for too long, with the risk/reward ratio being very much on their side. But that's starting to change."

He continued: "Diplomatic measures, law enforcement action and joint public-private efforts are combing to disrupt the crims' operations and interrupt their revenue streams. And this is a critical part of solving the ransomware problem. The more we can increase their risks and decrease their rewards, the less incentive they'll have to carry on crimming."

REvil is one of the more notorious ransomware gangs of our time. After its recent activity, which included targeting US IT management software provider Kaseya, its websites went offline in July. A few months after their reappearance they went dark again, with the US boasting that a multi-country cyber operation was the reason behind the latest vanishing act. (British officials refused to comment when El Reg asked if they were involved.)

The extortion gang's tactics include simple attack techniques that have been known about for years. Once they're inside a victim's network, they deploy their ransomware, encrypt everything they can touch and leave a ransom note inviting the target to contact them through a messaging platform controlled by the gang. From there the extortionists demand a hefty payment in cryptocurrency in return for supplying a decryptor.

A few weeks ago somebody claiming to be a REvil contractor gave an interview to a Russian-language news outlet, painting a mundane picture of someone who knows he's doing bad things and doesn't really care either way. The gang has a ransomware-as-a-service operation, though some of its criminal customers have moaned that they did all the hard work only for REvil to divert the ransom out of their hands. ®

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • Apple wins Epic court ruling: Devs will pay up for now as legal case churns on

    Previous injunction that ordered company to allow non-Apple payments systems is suspended

    Apple will not be required to implement third-party in-app payments systems for its App Store by 9 December, after a federal appeals court temporarily suspended the initial ruling on Wednesday.

    As part of its ongoing legal spat with Epic, a judge from the Northern District Court of California said Apple wasn’t a monopoly, but agreed it’s ability to swipe up to a 30 per cent fee in sales processed in iOS apps was uncompetitive. Judge Yvonne Gonzalez Rogers ordered an injunction, giving the iGiant 90 days to let developers add links or buttons in their apps to direct users to third-party purchasing systems.

    Those 90 days were set to end on 9 December. If developers were allowed to process financial transactions using external systems they wouldn’t have to hand over their profits to Apple, they argued. When Apple tried to file for a motion to stay, which would pause the injunction until it filed an appeal, Rogers denied its request.

    Continue reading
  • Meg Whitman – former HP and eBay CEO – nominated as US ambassador to Kenya

    Donated $110K to Democrats in recent years

    United States president Joe Biden has announced his intention to nominate former HPE and eBay CEO Meg Whitman as Ambassador Extraordinary and Plenipotentiary to the Republic of Kenya.

    The Biden administration's announcement of the planned nomination reminds us that Whitman has served as CEO of eBay, Hewlett Packard Enterprise, and Quibi. Whitman also serves on the boards of Procter & Gamble, and General Motors.

    The announcement doesn't remind readers that Whitman has form as a Republican politician – she ran for governor of California in 2010, then backed the GOP's Mitt Romney in his 2008 and 2012 bids for the presidency. She later switched political allegiance and backed the presidential campaigns of both Hillary Clinton and Joe Biden.

    Continue reading
  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has departed the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading

Biting the hand that feeds IT © 1998–2021