The administration of US President Joe Biden welcomed on Friday the arrest in Russia of members of REvil, one of the world’s most notorious ransomware gangs that has attacked major US companies in the past.
Speaking to reporters, a senior US official said the step reinforces diplomacy between Moscow and Washington.
“We welcome reports that the Kremlin is taking law enforcement steps to address ransomware emanating from its borders,” the official said, noting that Mr Biden and Russian President Vladimir Putin set up a White House-Kremlin expert group on ransomware last year.
The official expressed hope that the legal process would continue and that those arrested would soon stand trial.
“Our expectation is that Russia would be pursuing legal action within its own system against these criminals.”
Russia announced on Friday that it had dismantled REvil in an operation carried out by the FSB, Russia's domestic intelligence service.
Reuters reported that the FSB said it had searched 25 addresses and detained 14 people, listing assets it had seized to include millions of dollars in various currencies, computer equipment and 20 luxury cars.
A Moscow court identified two of those arrested as Roman Muromsky and Andrei Bessonov. The men were remanded them into custody for two months.
“The investigative measures were based on a request from the … United States,” the FSB said. “The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised.”
The detained group members could face up to seven years in prison, Russian authorities said.
The US official said that one of the men arrested had been involved in the Colonial Pipeline hack.
Last May, a ransomware attack forced the Houston-based company Colonial Pipeline to close down operations, leading to long queues at the pump as motorists rushed to stock up on fuel before the supply was cut off.
Holding those behind the attack to account was one of Mr Biden's requests to Mr Putin during their first summit last June.
A source familiar with the case told news agency Interfax that group members with Russian citizenship would not be handed over to the US.
The US in November offered a reward of up to $10 million for information leading to the identification or location of anyone holding a key position in REvil.
The US has been hit by a string of high-profile hacks by ransom-seeking cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world's biggest meat packing company, JBS.
Washington has repeatedly accused the Russian government of malicious cyber activity, which Moscow has denied.
The arrests were a rare demonstration of apparent collaboration between Russia and the US at a time of high tension between the two powers over the situation in Ukraine.
The US official insisted that the collaborative effort against REvil is separate from events in Ukraine.
Reuters contributed to this report
