Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels

Trend Micro -

A total of 13 suspects believed to be members of two prolific cybercrime rings were arrested as a global coalition across five continents involving law enforcement and private partners, including Trend Micro, sought to crack down on big ransomware operators.

About the GandCrab/REvil arrests

According to a report by Interpol, the global operation, which was done by 19 law enforcement agencies in 17 countries, led to the apprehension of seven suspects linked as “affiliates” or partners of GandCrab/REvil. The group is a prominent ransomware network deemed responsible for more than 7,000 attacks since early 2019.

Code-named Quicksand (GoldDust), the operation was a collaboration between Interpol, Europol, law enforcement agencies, and private firms. Each contributed to the four-year-long investigations by sharing information and technical expertise.

REvil (aka Sodinokibi) and GandCrab, believed to be manned by the same individuals, peddle ransomware-as-a-service (Raas), renting out ransomware code to other cybercriminals. Set up with groups known as affiliates, the scheme includes intrusions into companies, deployment of ransomware, and demand for ransom, after which profits are shared with the rest of the coders.

A report by Europol estimates that over €200 million in ransom demands had been made collectively since 2019 by the seven suspects

Read More: