REvil associates arrested in international ransomware crackdown
Following the October multinational operation against the infrastructure of the REvil (aka Sodinokibi) ransomware gang, Romanian police have arrested two suspected REvil affiliates believed to be behind some 5,000 attacks that netted around €500,000 (£427,000 / $580,000) in ransom payments. The arrests are part of an ongoing international law enforcement operation targeting the notorious crime gang.
The arrests were made on Thursday 4 November in the city of Constanţa by DIICOT, Romania's directorate for investigating organised crime and terrorism, with the support of the local police and the national gendarmerie. DIICOT said it searched four homes in the Black Sea coastal city and seized smartphones, laptops and storage devices.
The action is part of Operation GoldDust, a 17-country effort coordinated by the European Union (EU) agencies Europol and Eurojust together with Interpol and police forces around the world, supported by the cyber security companies Bitdefender, KPN and McAfee. Operation GoldDust involved extensive inter-agency collaboration to identify and track suspects and to seize the IT infrastructure used in their attacks.
The latest arrests bring to seven the number of suspects associated with REvil and its predecessor GandCrab detained since February 2021, with three arrests in South Korea, one in Kuwait and another in Europe. In total, they are suspected of attacks on around 7,000 victims.
The roots of the law enforcement operation lie in a Romanian-led investigation into REvil's predecessor, GandCrab, dating back to 2018, when it was one of the most prolific ransomware families in the world. After GandCrab's operators announced their “retirement” in 2019, only for REvil to appear a few months later, the leads from that investigation helped form the basis of Operation GoldDust.
“REvil has successfully compromised thousands of businesses around the world and has been known to extort payments from victims that are much larger than the average market price. Companies that failed to pay and attempted to restore from backups have been blackmailed with the publication of their stolen confidential information,” said Bogdan Botezatu, director of research and threat reporting at Bitdefender.
“The Bitdefender Draco team provided cyber security advice and guidance, particularly in the areas of cryptography, forensics and investigations, which helped the law enforcement consortium in this operation to minimise the impact of successful ransomware attacks, and ultimately led to arrests.
“This collaboration with law enforcement is an excellent example of the collaboration of the public and private sectors to significantly disrupt cybercrime activities,” he added.
Together with law enforcement and other technical partners, Bitdefender has also played a key role in developing free decryption tools for GandCrab and REvil, which can be obtained from the No More Ransom website.
At the time of writing, the REvil decryption tool has helped more than 1,400 victims decrypt their networks without paying their attackers, saving an estimated $475m in potential losses, while the GandCrab decryption tools have enabled more than 45,000 decryptions, saving millions more.