Two alleged members of the cybercriminal group REvil (also known as Sodinokibi) were arrested on Thursday (04) in Romania by local police, in partnership with the European police agency (Europol). The individuals are accused of infecting nearly 5,000 victims with ransomware and extorting them, which earned them around €500,000 illegally.
According to Europol, since February of this year, three other members of the REvil ransomware group have been captured by international police. The operations have involved joint actions with 17 countries and are part of an effort to annihilate the REvil ransomware, which has already caused irreparable damage to the international economy, and especially to the United States, where the group’s victims are concentrated.
“In early October, a Sodinokibi / REvil affiliate was arrested on the Polish border after an international arrest warrant was issued by the United States. The Ukrainian citizen is suspected of committing the Kaseya attack, which affected around 1500 companies downstream and for which Sodinokibi / REvil asked for a ransom of around 70 million euros. Furthermore, in February, April, and October 2021, South Korean authorities arrested three affiliates involved in the GandCrab and Sodinokibi / REvil ransomware families, which claimed more than 1,500 victims,” writes the agency.
USA offers US$5 million on the heads of REvil members
The US Department of Justice announced, on Monday (08), the arrest of a Ukrainian operator of the REvil ransomware, the one mentioned by Europol above. With the arrest, more than $6 million in cryptocurrency was recovered.
The US government is now offering a $10 million reward for locating members of the REvil ransomware group and an additional $5 million for relevant information about the cybercriminals.
REvil dismantled
In addition to the cases cited by Europol, since February this year other members linked to the REvil ransomware were also captured, and the group’s dark web page was taken down.
In September 2021, two members of a cybercriminal group (suspected of being REvil operators) were arrested in Ukraine, after an operation by Ukrainian and French police, Europol and Interpol.
In October 2021, Happy Blog, the dark web page used by the cybercriminals to publish data leaked from victims who didn’t pay their ransom, was brought down in a joint action between the German government and the US police. In addition to taking down the page, authorities also identified members of the group’s leadership.
Source: Europol; кібер полічейскі; Reuters; US Department of Justice, TheHack.