REvil associates arrested in international ransomware crackdown

In the wake of October’s multinational operation targeting the infrastructure of the REvil ransomware gang (also known as Sodinokibi), Romanian police have arrested two suspected REvil affiliates believed to be behind up to 5,000 cyberattacks that generated €500,000 (£427,000 / $580,000), as part of an ongoing international law enforcement operation targeting the notorious criminal gang.

The arrests were made on Thursday, November 4, in the city of Constanța by the Romanian unit for combating organized crime and terrorism, DIICOT, with the assistance of the local police and the national gendarmerie. DIICOT said it searched four houses in the Black Sea coastal city and seized smartphones, laptops and storage devices.

The action is part of Operation GoldDust, a 17-country effort coordinated by the European Union’s Europol and Eurojust, together with Interpol and law enforcement agencies around the world, as well as the cybersecurity companies Bitdefender, KPN and McAfee. Operation GoldDust has involved extensive inter-agency collaboration to identify and track suspects and to seize the IT infrastructure used in their attacks.

The latest operation means that a total of seven suspects associated with REvil and its predecessor GandCrab have been detained since February 2021, with three arrests made in South Korea, one in Kuwait and one in Europe. In total, some 7,000 victims are suspected of having been attacked.

The roots of the law enforcement operation lie in a Romanian-led investigation targeting REvil’s predecessor, GandCrab, dating back to 2018, when it was one of the most prolific ransomware families. After the GandCrab operators “retired” in 2019, only to launch REvil a few months later, the leads from this investigation helped form the basis for Operation GoldDust.

“REvil has managed to compromise thousands of companies around the world and has been known to extort payments from victims much higher than the average market price. The companies that did not pay and tried to restore from backups were blackmailed with the publication of their stolen confidential information,” said Bogdan Botezatu, Bitdefender Director of Threat Research and Reporting.

“Bitdefender’s Draco team provided advice and guidance on cyber security, especially in the areas of cryptography, forensics, and investigations, that helped the law enforcement consortium in this operation to minimize the impact of successful ransomware attacks and ultimately led to the arrests.

“This collaboration with law enforcement is an excellent example of the public and private sector working together to significantly disrupt cyber criminal activities,” he added.

Working together with law enforcement and other technical partners, Bitdefender also played a key role in developing free decryption tools for GandCrab and REvil, which can be obtained from the No More Ransom website.

At the time of writing, the REvil decryption tool has helped more than 1,400 victims to decrypt their networks without having to pay their attackers, saving an estimated €475 million in potential losses, while the GandCrab decryption tools have enabled more than 45,000 decryptions, saving millions more.
