Authorities arrest REvil ransomware gang members – In The News

Authorities in the US and Europe have announced they have arrested three people in connection to the REvil ransomware operation, dealing a large blow to the most prolific cybercrime organisation on the Internet.

The REvil ransomware enterprise – also known as Sodinokibi – has been responsible for a number of high-profile ransomware attacks across the world. In May 2021 they attacked the world’s largest meat processor, resulting in an $11 million ransom being paid out.

And in July they went even bigger, targeting software company Kaseya in a supply-chain attack which resulted in up to 1,500 businesses being infected with ransomware in what is considered by many as the largest ransomware attack to date. REvil had initially demanded a staggering $70 million to release a universal decryptor tool for all affected organisations.

But this week, Romanian police, the US Department of Justice (DOJ) and Europol announced the arrest of three people heavily involved with the criminal network.



The arrests come in response to GoldDust, a dedicated Europol operation set up specifically to investigate REvil. The three arrests last week bring the total to 7 since February 2021. However, these most recent arrests could prove pivotal.

Is it the end for REvil?

It is always difficult to tell after arrests have been made whether the authorities managed to grab the main ringleaders, or mere associates or affiliates that were helping with more menial tasks in a large criminal enterprise. If it were a real business, have the authorities managed to pinch the board of directors, or have they just taken out a couple of receptionists and the printer guy?

This is made even more complicated by the fact that ransomware like the one used by REvil is often “hired out” to affiliates, and it is the affiliates who are actually the cybercrooks behind specific attacks. It’s a business model known as RaaS, or Ransomware-as-a-Service. In that case, if the authorities are targeting those responsible for the attacks (i.e. the affiliates), then they’re not necessarily targeting the key operators and developers behind the ransomware.

And the arrests made in Romania and Ukraine last week appear to have been REvil affiliates, not the developers of REvil.

But it’s still good news. The affiliates arrested by authorities are suspected of being behind thousands of infections and millions of dollars of ransomware payments, including the July 2021 Kaseya attack. And it’s likely going to serve as more than just a shot across the bow to the developers of REvil who may feel very much like the walls are closing in on their illegal operations.



And that feeling is only going to be exacerbated by the US Department of Justice announcing this week a bounty of $10 million for information leading to the identification or location of anyone holding a key position in the REvil/Sodinokibi ransomware operation.

It’s likely, at this stage, that the developers of REvil will scurry underground, at least for a while. That’s what they did after the Kaseya attack, which no doubt ramped up the efforts by law enforcement to bring them to justice.

And since REvil are arguably the largest ransomware group on the Internet right now, having them go underground amid pressure from law enforcement could just turn out to be a pivotal moment in the war against ransomware.
