A total of seven people have been arrested in connection with major cybercriminal group REvil, including two on November 4th.
Operation GoldDust, a joint international police operation – which took place both offline and online – involved 19 law enforcement organisations, including those in the UK.
The most recent two people were arrested in Romania. This is in addition to three other people arrested since February this year, along with another two from REvil’s predecessor, GandCrab. They were arrested in Poland, Ukraine, South Korea and Kuwait.
In total, the seven suspects linked to the two ransomware families are believed to have attacked around 7,000 victims. The two most recent arrests are supposed to have been responsible for 5,000 victims and €500,000 in ransoms.
In addition, the US has said that it has retrieved over $6 million (£4 million) in cryptocurrency as part of the operation.
But perhaps most importantly, among the seven suspects arrested is a Ukrainian national believe to have been behind the major Kaseya ransomware attack.
REvil had their reputation cemented this year as one of the most notorious cybercriminal groups in the world, largely due to this attack.
Kaseya provides third-party software to a wide range of organisations. By compromising Kaseya, the hackers were able to affect hundreds of companies across the supply chain.
However, success can be a double-edged sword for cybercriminals. The high-profile attacks brought unwanted attention on the group, and their dark web portal went down in summer this year.
The move caused speculation that REvil had been hit by law enforcement agencies or had decided to keep a low profile until things cooled off.
A purported REvil representative later claimed that they went to ground because they thought a group member had been arrested.
- Research and innovation shape industry and create green jobs of tomorrow
- Scot’s Proptech arbnco monitors air quality in government Covid-19 pilot
- UK Space Agency funds satellite projects to tackle climate change
Cybersecurity company Bitdefender was instrumental in helping wrap up the Kaseya attack. It developed a decryptor so organisations that had had their data encrypted could unlock it without having to pay REvil.
According to Bitdefender, their decryptor has helped more than 1,400 companies in 83 countries recover their files. With an average ransom demand of about $393,000, this means the company has saved over $550 million in unpaid ransom.
“Bitdefender supported this investigation by providing key technical insights throughout the entire investigation, along with decryption tools for both of these highly prolific ransomware families to help victims recover their files,” a Europol statement read.