The Limited Times

Ransomware attacks: Investigators catch several suspected cyber blackmailers

2021-11-09T09:44:25.763Z


They are said to have infected tens of thousands of computers and extorted millions of dollars. Now the alleged backers of several ransomware attacks have been tracked down, including the one on the IT service provider Kaseya.


Image: Attack with ransomware (symbolic image). Photo: Stuart Miles / imago images

International investigators have struck a blow against criminals believed to be responsible for thousands of ransomware attacks on organizations and companies.

The US Justice Department announced on Monday in Washington that a Ukrainian had been arrested in Poland who is suspected of being behind, among other things, the major attack on the American IT service provider Kaseya.

Hundreds of companies in the US and other countries were attacked with ransomware through a vulnerability at Kaseya in early July.

The police authority Europol announced in The Hague that two people had been arrested in Romania who allegedly carried out cyber attacks with the same software.

The arrests were part of an international operation.

US President Joe Biden said the United States, together with international partners, is doing all it can to fight cybercriminals.

There is still much to be done, but the US has already taken important steps to better protect critical infrastructure, hold criminals accountable and destroy the blackmail ecosystem.

According to Europol, 17 countries were involved in the investigation, including the USA, Germany, France, the Netherlands, Poland, Romania and Canada.

In Germany, according to the European judicial authority Eurojust, the Stuttgart public prosecutor was in charge.

Over several months, a total of seven suspects were arrested in different countries, said Europol.

They are suspected of having attacked around 7,000 targets and stolen millions in so-called ransomware attacks, i.e. attacks with extortion software.

Ransomware for rent

In such attacks, the attackers encrypt the files on the victims' computers using software that has been secretly planted on the systems. A ransom is then demanded for releasing or handing over the key. According to Eurojust, the attacks by those arrested were directed against companies as well as local authorities, hospitals, the judiciary, schools and universities. Five of those arrested had carried out attacks with the ransomware REvil (aka Sodinokibi), which is rented out by its developers.

The group of cyber criminals of the same name had caused a stir in recent months with large attacks.

During the Kaseya attack, the REvil group demanded a ransom on its darknet website for a master key to all crippled computers.

Since many of the Kaseya customers affected are themselves IT service providers for others, the impact of the attack reached as far as Sweden, for example, where the supermarket chain Coop was unable to open hundreds of stores due to malfunctioning checkout systems.

175,000 computers infected

A few weeks earlier, REvil software had paralyzed several plants of JBS, the world's largest meat company, also with international effects.

At the time, the group collected eleven million dollars in ransom in cryptocurrencies from the company.

US Attorney General Merrick Garland said in Washington that REvil software has so far been smuggled onto around 175,000 computers worldwide in attacks, and at least $200 million in ransom has been paid after attacks with the software.

The 22-year-old Ukrainian arrested in connection with REvil was detained when entering Poland at the request of the USA.

His extradition to the United States has been requested.

The US Department of Justice also confiscated $6.1 million that another criminal allegedly stole in ransomware attacks with the REvil software, Garland said.

The 28-year-old Russian is said to have attacked 3,000 targets with ransomware.

Reward in the millions

The US State Department on Monday offered a reward in the millions for information leading to the identification or location of leaders of the REvil group, or of anyone involved in attacks with the software.

The US government announced a similar reward a few days ago for the hacker group DarkSide, which, according to the US, was responsible for the cyber attack on America's largest gasoline pipeline in the spring.

As a result of the attack, the pipeline, through which about 45 percent of all fuel consumed on the US east coast runs, was temporarily completely shut down.

Gasoline bottlenecks occurred in parts of the country.

The hackers had broken into the pipeline operator's computer network and demanded a ransom in the millions, which the company paid.

mak / dpa

Source: spiegel
