REvil affiliates arrested in international ransomware crackdown

In the wake of October’s multinational operation targeting the REvil (aka Sodinokibi) ransomware gang’s infrastructure, Romanian police have arrested two suspected REvil affiliates suspected of being behind as many as 5,000 cyber attacks netting €500,000 (£427,000/$580,000) in an ongoing international law enforcement operation targeting the infamous crime gang.

The arrests were made on Thursday 4 November in the city of Constanţa by Romania’s organised crime and counter-terrorism unit, DIICOT, with help from local police and the national gendarmerie. DIICOT said it conducted searches of four properties in the Black Sea coast city, and seized smartphones, laptops and storage devices.

The action forms part of Operation GoldDust, a 17-country effort coordinated by the European Union’s (EU’s) Europol and Eurojust agencies, Interpol, and police forces from around the world, as well as cyber security companies Bitdefender, KPN and McAfee. Operation GoldDust has seen extensive inter-organisation collaboration on identifying and tracking the suspects, and seizing the IT infrastructure used in their attacks.

The latest sting means that a total of seven suspects connected to REvil and its predecessor GandCrab have been taken into custody since February 2021, with three arrests made in South Korea, one in Kuwait, and another in Europe. Altogether, they are suspected of attacking around 7,000 victims.

The law enforcement operation’s roots lie in a Romanian-led investigation targeting REvil’s predecessor GandCrab, dating back to 2018 when it was one of the most prolific ransomwares around. After the operators of GandCrab “retired” in 2019, only to launch REvil a few months later, leads from this investigation helped form the basis of Operation GoldDust.

“REvil has managed to compromise thousands of companies worldwide and was known to extort much bigger payments from victims than the average market price. Companies that did not pay and tried to restore from backups were blackmailed with the publication of their stolen confidential information,” said Bogdan Botezatu, Bitdefender director of threat research and reporting.

“The Bitdefender Draco Team provided cyber security consulting and guidance especially in areas of cryptography, forensics, and investigations that helped the law enforcement consortium in this operation minimise the impact of successful ransomware attacks, and ultimately led to arrests.

“This collaboration with law enforcement is a prime example of the public and private sector working together to significantly disrupt cyber criminal activities,” he added.

Working alongside law enforcement and other technical partners, Bitdefender also played a key role in developing free decryption tools for both GandCrab and REvil, which can be obtained from the No More Ransom website.

At the time of writing, the REvil decryption tool has helped more than 1,400 victims to decrypt their networks without having to pay their attackers, saving an estimated €475m in potential losses, while the GandCrab decryption tools have enabled more than 45,000 decryptions, saving hundreds of thousands more.