Government

Suspected REvil scammers arrested amid ongoing crackdown on ransomware

The European law enforcement agency says the suspects were behind 5,000 attacks netting nearly $579,000.

November 8, 2021

This picture taken on November 24, 2015 shows an outside view of the EU police agency Europol headquarters in The Hague. (Photo by Remko de Waal / ANP / AFP) / Netherlands OUT (Photo by REMKO DE WAAL/ANP/AFP via Getty Images)

Two cybercrime suspects accused of launching 5,000 ransomware attacks and netting roughly $579,000 were arrested by Romanian authorities, Europol announced Monday.

The suspects allegedly used the REvil ransomware strain, the malware variant associated with a notorious Russian cybercrime gang that’s been used in a recent string of high-profile international ransomware incidents. REvil was, until recently, perhaps the most commonly used ransomware generating hundreds of millions in revenue for attackers and affiliates.

The Europol arrests coincide with the U.S. Department of Justice’s seizure of $6 million in ransomware payments in connection with REvil activity, according to CNN. Authorities have charged Yevgeniy Polyanin, a Russian national, and Ukrainian Yaroslav Vasinskyi, who’s arrest was first reported by CyberScoop, in connection with deploying REvil ransomware.

The arrests mark the sixth and seventh arrests in an ongoing international law enforcement crackdown on ransomware operators. Since February, Europol said, three REvil affiliates have been arrested, along with two suspects connected to GandCrab, a formerly prolific strain of malware. Earlier arrests happened elsewhere in Europe, South Korea and Kuwait.

The arrests are part of Operation GoldDust, which involves 17 countries, including the United States, in a sprawling effort to combat ransomware gangs and affiliates. Europol notes that the GoldDust arrests “follow the joint international law enforcement efforts of identification, wiretapping and seizure of some of the infrastructure used by Sodinokibi/REvil ransomware family, which is seen as the successor of GandCrab.”

The Washington Post reported last week that U.S. Cyber Command and an unnamed foreign government targeted REvil infrastructure such that the group folded operations. The foreign government hacked REvil’s servers without the group’s notice, the Post reported, while U.S. Cyber Command blocked the group’s website by hijacking its traffic in October.

This is a developing news story that will be updated as more information becomes available.

Suspected REvil scammers arrested amid ongoing crackdown on ransomware

More Like This

Decade-old malware haunts Ukrainian police

Six-year old bug will likely live forever in Lenovo, Intel products

Top Stories

Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility

With a mysterious surveillance target identified, calls for Congress to change course

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

More Scoops

FBI seizes ALPHV leak website. Hours later, ransomware gang claims it ‘unseized’ it

LockBit ransomware suspect arrested in Canada, faces charges in US

‘Disgruntled insider’ shared REvil information with researchers, helped law enforcement

REvil member accused of Kaseya ransomware attack arraigned in Texas

Ukrainian authorities arrest suspected ransomware ringleader

Romanian ransomware suspect arrested in joint Europol, FBI operation

FBI seized $2.3 million in cryptocurrency from REvil ransomware affiliate

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics