Romanian law enforcement authorities arrested two suspected affiliates of the Sodinokibi / REvil ransomware on November 4, both suspected of infecting thousands of victims.
DIICOT (Romanian Directorate for the Investigation of Organized Crime and Terrorism) and judicial police officers carried out four house searches in Constanța and seized mobile devices (laptops, cell phones) and storage media.
The Bucharest court also ordered the pre-trial detention of the two affiliates of REvil for 30 days.
On the same day, Kuwaiti authorities also arrested a GandCrab ransomware affiliate. The three are suspected of carrying out around 7,000 attacks and demanding more than 200 million euros in ransom.
In total, with those arrested on November 4, authorities have arrested seven suspects linked to REvil and GandCrab since February 2021.
Three other people suspected of being affiliated with REvil were arrested in South Korea in February, April and October, and one was arrested in Europe last month.
At @McAfee_ATR we are proud to have assisted with technical research, identifying key infrastructure, suspects and providing custom configuration extractors for REvil samples. @EC3Europol @PolitieTHTC @FBI @metpoliceuk Together with @BitdefenderLabs and @kpnsecurity https://t.co/LBFRisnSAk
– John Fokker (@John_Fokker) November 8, 2021
The announcement, made today by Europol (the European Union Agency for Law Enforcement Cooperation), says the arrests are the result of Operation GoldDust, which involved law enforcement officers from 17 countries, Europol, Eurojust and INTERPOL.
“Since 2018, Europol has supported a Romanian-led investigation that targets the GandCrab ransomware family and has involved law enforcement authorities in a number of countries, including the UK and the US,” Europol said.
“All of these arrests follow joint efforts by international law enforcement agencies to identify, wiretap and seize part of the infrastructure used by the Sodinokibi / REvil ransomware family, which is believed to be the successor to GandCrab.”
These recent arrests show that law enforcement around the world has realized they cannot reach major ransomware gang operators who are safe in Russia.
However, their Ransomware-as-a-Service (RaaS) operations can easily be disrupted by the arrest of ransomware affiliates located all over the world.
U.S. Deputy Attorney General Lisa Monaco also announced, in an interview with The Associated Press on Nov. 4, that the US would crack down on ransomware activity.