Two high-profile affiliates of the REvil ransomware gang have reportedly been arrested by Romanian law enforcement.
The arrest happened on November 4th, as part of GoldDust, a coordinated operation involving the US and numerous European countries. The Goldust operation has resulted in the arrest of other major ransomware players, like two suspects connected to the GandCrab gang in South Korea and Kuwait earlier this year.
REvil is one of the most notorious cyber crime gangs in history, having brought in more than $11 million this year from attacks. The suspects arrested according to Europol have extorted close to $600,000 from victims and orchestrated more than 5,000 ransomware attacks.
REvil, short for Ransomware Evil and also known as Sodinokibi, emerged on the threat landscape back in 2019. Operating as a RaaS (ransomware-as-a-service) the criminal group is known to rent their malware source code out to affiliates who then become responsible for carrying out attacks against targeted victims.
The arrests on November 4th of the REvil associates also included a 22-year-old Ukrainian national, Yaroslav Vasinskyi, accused of perpetrating the devastating ransomware attack on American software firm Kaseya back in July of this year.
The seven suspects linked to the two ransomware families are said to have targeted about 7,000 victims, while collectively demanding more than €200 million in digital ransoms.
These arrests add additional pressure to REvil, as governments around the world coordinate to tackle the threat of ransomware.
REvil had to shut down its operations last month according to the Washington Post after the U.S. Cyber Command compromised its Tor infrastructure, which forced its websites to be taken offline.
Romanian cybersecurity firm Bitdefender has also made available a free universal decryptor that REvil victims can use to restore their files and recover from attacks carried out before July 13, 2021.
Photo by niu niu on Unsplash