The crackdown on members of the REvil ransomware gang by agents of the Kremlin's domestic security force January 14 is sending a wave of distress and dread through the Russian hacker underground, according to researchers at Trustwave's SpiderLabs."What our researchers found was a great deal of anxiety and consternation from those who participate in these Dark Web forums regarding the FSB arrests and how those actions will impact them in the future," Trustwave noted Friday in a company blog post."The comments mentioned a general fear of being arrested, the possibility that their homeland is no longer a safe haven, and that cooperation with the United States and Russia will be a problem for their operations going forward," the blog added.It cited one forum member declaring: \u201cThis is a big change. I have no desire to go to jail.\u201dRussia acting on ransomware is rareAfter nearly a week of monitoring chatter on Russian hacker forums, we noticed a huge change from the past in tone among the members of the online meeting sites, says SpiderLabs vice president of security research Ziv Mador."In the past, cybercriminals felt very safe in Russia," he says. "As long as they didn't attack local targets, they felt they'd be fine. Russian cybercriminals had been arrested traveling outside the country, but this time they were arrested in Russian cities," he continues. "That was a shocking moment for them."\u201cRussia acting on any cybercrime report, especially ransomware, is especially rare," adds John Bambenek, principle threat hunter at Netenrich, an IT and digital security operations company. "Unless it involves child exploitation or Chechens, cooperation with the FSB just doesn\u2019t happen."Was the Russian raid \u201ca show\u201d for international consumption?There were some skeptics of the significance of the REvil raid in the forums monitored by SpiderLabs. One forum member raised the possibility that the FSB operation was, in fact, faked or was only \u201ca show\u201d for international consumption, Trustwave noted. This thought allowed them to hold out hope that the FSB\u2019s move would not end with serious punishments for the arrestees."It is doubtful that this represents a major change in Russia\u2019s stance to criminal activity within its borders\u2014unless they target Russian citizens\u2014and more that their diplomatic position is untenable, and they needed to sacrifice a few expendables to stall more serious geopolitical pressure," Bambenek maintains.\u00a0"In three months, if there isn\u2019t another major arrest, it's safe to assume no real change has happened with Russia\u2019s approach," Bambenek said. "Nevertheless, it\u2019s a big arrest and will have significant short-term impact to reduce ransomware."REvil had been inactive for monthsThe fact that the FSB targeted REvil, which had not been publicly active in conducting attacks since October 2021, is also significant, adds Chris Morgan, a senior cyber threat intelligence analyst with Digital Shadows, provider of digital risk protection solutions. "It's possible that the FSB raided REvil knowing that the group was high on the priority list for the U.S., while considering that their removal would have a small impact on the current ransomware landscape," he says.Dirk Schrader, global vice president at New Net Technologies, a provider of IT security and compliance software, adds that only time will tell if the REvil raid will decrease ransomware attacks. "It is too early to say whether such a level of international cooperation will turn into systemic efforts to put an end to widespread ransomware attacks," he says. "Only consistent, united efforts to deprive the attackers of any safe harbor can ensure long term results."