Police arrest five members tied to REvil ransomware gang

TUESDAY, NOVEMBER 09, 2021
|

Law enforcement agencies have arrested five people allegedly associated with the prolific ransomware group REvil, which was behind this years devastating cyberattacks on Kaseya and JBS.

Romanian authorities arrested two alleged affiliates of the group on Nov. 4, according to a statement released on Monday by European law enforcement agency Europol. A further three arrests of REvil suspects were made earlier this year, Europol said.

The alleged hackers are suspected of involvement in about 5,000 ransomware infections and received about $580,000 (500,000 euros) in ransom payments. Many ransomware gangs offer their malware to others, called affiliates, who then send it out to infect victims, in what is known as ransomware-as-a-service.

"REvil," short for "Ransomware-Evil," is known as one of the world's most prolific ransomware gangs. The group is accused of staging several attacks this year against major companies and organizations, including Brazilian meat supplier JBS and Miami-based technology company Kaseya. JBS paid an $11 million ransom, while Kaseya said it declined to pay the hackers.

Europol said that law enforcement agencies had identified the alleged affiliates of REvil after seizing infrastructure used by the group and carrying out investigative methods such as wiretapping.

In addition to the REvil arrests, Europol said that law enforcement agencies also this year apprehended two alleged affiliates of GandCrab, another prolific ransomware group.

The arrests revealed on Monday were made as part of an international investigation named GoldDust, which involved law enforcement agencies from 17 countries, including the U.S., U.K., France and Germany.

"This represents historic collective action between 17 countries to prosecute members of this cybercrime cartel," said Tom Kellermann, who heads cybersecurity strategy for VMware. "Operation GoldDust has had a meaningful impact in disrupting their activities. These groups are now forced to play defense."

But he added: "Destructive cyberattacks will continue and will become more systemic. Collective action between like-minded countries must be enhanced, and forfeiture of digital currencies connected to cybercrime conspiracies must be expanded."