Seven people have been arrested and a criminal network has been dismantled in an international operation that targeted hackers carrying out ransomware attacks, Europol announced on Monday.
Those arrested are affiliated with the Russian-speaking hacker group REvil, sometimes referred to as Sodinokibi, and the GandCrab ransomware group, the European police agency said in a statement.
UPDATE: The Sodinokibi / REvil affiliate intercepted in Oct is suspected of perpetrating the Kaseya #ransomware attack, which affected up to 1,500 downstream businesses & asked € 70 million ransom.
He was arrested at the PL border after the US issued an int'l arrest warrant.
- Europol (@Europol) November 8, 2021
One of the arrested individuals affiliated with REvil is a Ukrainian national suspected of carrying out the giant ransomware cyberattack that targeted the US computer company Kaseya, affecting at least 1,000 corporate clients and more than 1,500 people, Interpol said in a statement. The attack was claimed by REvil, which demanded a ransom of around 70 million euros. The suspect was arrested in October in Poland, near the border, after the issuance of an international arrest warrant by the United States, according to the European police agency.
Two people were also arrested in Romania last Thursday, and another in Kuwait.
In recent months, three individuals have also been arrested in South Korea during this operation called "GoldDust".
"Suspected of around 7,000 infections, the affiliates arrested have demanded more than 200 million euros in ransoms," Europol said.
The two individuals arrested in Romania are suspected of having claimed 5,000 victims and pocketing a total of half a million euros in ransoms.
The operation, also called "Quicksand" involved 17 countries, Europol, Eurojust - the European agency for judicial cooperation - and Interpol, said the organization of international police cooperation.
Billions of dollars in earnings
"All of these arrests follow joint international law enforcement efforts through the identification, wiretapping and seizure of some of the infrastructure used by the Sodinokibi / REvil ransomware group," Europol stressed. "Ransomware has become too big a threat for any entity or sector to tackle on its own," Interpol Secretary General Jürgen Stock said in a statement.
Ransomware is an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims' data and then demand money to put things back in order.
REvil is considered by experts to be the most formidable group of ransomware cybercriminals and seen as the successor to GandCrab.
But questions about his fate were raised in July when, two weeks after the attack on Kaseya, several websites and pages related to the group abruptly disappeared from the Internet.
Read also Gangs, extortion and ransomware ... Investigation into very organized gang hackers
The shutdown has sparked speculation as to whether the move was the result of government action.
The combined global financial impact of ransom payments to ransomware groups is, according to Interpol, billions of dollars.
Chainalysis research suggests criminals made $ 350 million in 2020 from ransomware payments, a 311% increase in one year, Interpol said.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/H6SX4JB4HJIOMBO3FUP6IGGLUI.jpg)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/KAMEVPDOXBG7TIMQFEJC6QI7DU.JPG)
