Suspected REvil scammers arrested amid ongoing crackdown on ransomware

Two cybercrime suspects accused of launching 5,000 ransomware attacks and netting roughly $579,000 were arrested by Romanian authorities, Europol announced Monday.

The suspects allegedly used the REvil ransomware strain, the malware variant associated with a notorious Russian cybercrime gang that’s been used in a recent string of high-profile international ransomware incidents. REvil was, until recently, perhaps the most commonly used ransomware generating hundreds of millions in revenue for attackers and affiliates.

The Europol arrests coincide with the U.S. Department of Justice’s seizure of $6 million in ransomware payments in connection with REvil activity, according to CNN. Authorities have charged Yevgeniy Polyanin, a Russian national, and Ukrainian Yaroslav Vasinskyi, who’s arrest was first reported by CyberScoop, in connection with deploying REvil ransomware.

The arrests mark the sixth and seventh arrests in an ongoing international law enforcement crackdown on ransomware operators. Since February, Europol said, three REvil affiliates have been arrested, along with two suspects connected to GandCrab, a formerly prolific strain of malware. Earlier arrests happened elsewhere in Europe, South Korea and Kuwait.

The arrests are part of Operation GoldDust, which involves 17 countries, including the United States, in a sprawling effort to combat ransomware gangs and affiliates. Europol notes that the GoldDust arrests “follow the joint international law enforcement efforts of identification, wiretapping and seizure of some of the infrastructure used by Sodinokibi/REvil ransomware family, which is seen as the successor of GandCrab.”

The Washington Post reported last week that U.S. Cyber Command and an unnamed foreign government targeted REvil infrastructure such that the group folded operations. The foreign government hacked REvil’s servers without the group’s notice, the Post reported, while U.S. Cyber Command blocked the group’s website by hijacking its traffic in October.

This is a developing news story that will be updated as more information becomes available.

The post Suspected REvil scammers arrested amid ongoing crackdown on ransomware appeared first on CyberScoop.


This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.