Russian authorities arrest hacker behind Colonial Pipeline attack

Russian authorities on Friday arrested the hacker behind last year's ransomware attack which forced Colonial Pipeline to halt operations for days and caused a temporary fuel shortage in the United States, a senior Biden administration official said during a press briefing.

The arrest, made by the Russian Federal Security Service after an appeal by U.S. authorities including President Joe Biden, marks a significant collaboration between the two governments despite rising tensions between the countries over Ukraine.

The FSB said Friday that it had arrested 14 members of the organized criminal community during a sting on REvil, the ransomware gang behind the attacks on food processing company JBS and software provider Kasaya.

DarkSide, another hacking group tied to Russia, was linked to the Colonial Pipeline attack. It was not immediately clear what level of connection the REvil hackers arrested Friday had to the attacks on JBS and Kasaya, or the Colonial Pipeline ransomware.

"As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized," the FSB said.

Russian authorities also seized about $6.8 million in euros, rubles and dollars as well as premium cars purchased with the illicit funds, the FSB said. The alleged hackers were charged with committing crimes under the country's "Illegal circulation of means of payment" criminal code.

"We welcome, of course, that the Kremlin is taking law enforcement steps to address ransomware emanating from its borders," the senior U.S. official said.

Biden and Russian President Vladimir Putin had set up White House-Kremlin Experts Group on ransomware last June after multiple ransomware attacks on U.S. infrastructure, including Colonial Pipeline.

"We're committed to seeing those conducting ransomware attacks against Americans brought to justice, including those that conducted these attacks on JBS, Colonial Pipeline, and Kaseya," the senior official said.

"I also want to be very clear: In our mind, this is not related to what's happening with Russia and Ukraine. I don't speak for the Kremlin's motives, but we're pleased with these initial actions."

The U.S. and Russia do not have an extradition treaty and it was unclear what punishments the arrested hackers could face.

"Each country pursues its law enforcement operations under, certainly, its own legal system," the senior U.S. official said -- adding that the Biden administration expects Russia to pursue legal actions against the arrested hackers. "It is indeed our expectation that they're brought to justice and, as such, not only for their past crimes, but preventing future ones as well."