Authorities arrest two more individuals allegedly linked to REvil ransomware

Police in Romania have arrested two individuals suspected of using the Sodinokibi/REvil ransomware to infect as many as 5,000 machines, raking in half a million euros in ransom payments in the process.

Europol in announcing the effort, which was part of operation GoldDust, said it facilitated the exchange of information and provided analytical support, plus cryptocurrency, malware and forensic analysis. Operation GoldDust involved 17 countries including Canada, France, Germany, the United Kingdom and the United States, as well as members of Europol, Eurojust and Interpol.

During what was described as the “action days,” Europol set up a virtual command post and deployed experts to each location to coordinate ground-based activities.

Related reading: The Evolution of Ransomware: How Did We Get Here?

In total, seven suspects allegedly linked to the GandCrab and Sodinokibi/REvil ransomware families have been arrested since February 2021. Collectively, these individuals are said to be responsible for infecting roughly 7,000 victims.

Earlier this year, Bitdefender teamed up with law enforcement to publish a tool capable of unlocking files on systems impacted by REvil up through mid-July 2021.

Ransomware was recently identified by EU cybersecurity agency Enisa as one of nine prime threats emerging in the cybersecurity landscape. Malware, cryptojacking and misinformation were also high on Enisa’s list.

The US Department of State on Monday also announced rewards of up to $10 million for information that leads to the identification, arrest or conviction of members of the Sodinokibi/REvil group. The FBI also commented on the recent arrests.