Romanian authorities have arrested two individuals suspected of cyber-attacks using the Sodinokibi/REvil ransomware. They are allegedly responsible for 5,000 infections, accounting for €500,000 in ransom payments, according to European law enforcement agency Europol.
REvil has been one of the most notorious ransomware groups of 2021, responsible for hundreds of high-profile attacks around the world.
A further suspected GandCrab affiliate was arrested by Kuwaiti authorities on the same day.
In addition to these arrests, Operation GoldDust saw three additional arrests in February, April and 2021 by authorities in South Korea of affiliates involved with REvil ransomware. Another affiliate was arrested in Europe in October. In total, the operation has resulted in seven arrests, and this is the first time they have been disclosed publicly by law enforcement.
The operation involved police from countries around the world and international law enforcement agencies Europol, Eurojust and Interpol. The arrests follow a joint operation which was able to identify and intercept communications, and seize infrastructure used during campaigns.
Operation GoldDust also received support from cybersecurity industry companies including Bitdefender, KPN and McAfee. Researchers at Bitdefender provided technical insights throughout the investigation, along with decryption tools to help victims of ransomware attacks.