Two people suspected of conducting 5,000 REvil ransomware attacks were arrested by Romanian police last week as a global crackdown on the crime gang gathers pace
In the wake of October’s multinational operation targeting the REvil (aka Sodinokibi) ransomware gang’s infrastructure, Romanian police have arrested two suspected REvil affiliates suspected of being behind as many as 5,000 cyber attacks netting €500,000 (£427,000/$580,000) in an ongoing global law enforcement operation targeting the notorious crime gang.
The arrests were made on Thursday 4 November in the city of Constanţa by Romania’s organised crime and counter terrorism unit, DIICOT, with the backing of local police and the national gendarmerie. DIICOT said it conducted searches of four properties in the Black Sea coast city, and seized smartphones, laptops and storage devices.
The move forms part of Operation GoldDust, a 17-nation effort coordinated by the European Union’s (EU’s) Europol and Eurojust agencies, Interpol, and police forces from around the world, as well as cyber security firms Bitdefender, KPN and McAfee. Operation GoldDust has seen extensive inter-agency collaboration on identifying and tracking the suspects, and seizing the IT infrastructure used in their attacks.
The latest sting means that a total of seven suspects associated with REvil and its predecessor GandCrab have been taken into custody since February 2021, with three arrests made in South Korea, one in Kuwait, and another in Europe. Altogether, they’re suspected of attacking around 7,000 victims.
The law enforcement operation’s roots lie in a Romanian-led investigation targeting REvil’s predecessor GandCrab, dating back to 2018 when it was one of the most prolific ransomwares around. After the operators of GandCrab “retired” in 2019, only to launch REvil a few months later, leads from this investigation helped form the basis of Operation GoldDust.
“REvil has managed to compromise hundreds of firms around the world and was known to extort much larger payments from victims than the average market price. Corporations that did not pay and tried to restore from backups were blackmailed with the publication of their stolen confidential data,” said Bogdan Botezatu, Bitdefender director of threat analysis and reporting.
“The Bitdefender Draco Team provided cyber security consulting and guidance, especially in areas of cryptography, forensics, and investigations, that helped the law enforcement consortium in this operation minimise the impact of successful ransomware attacks, and ultimately led to arrests.
“This collaboration with law enforcement is a prime example of the public and private sector working together to significantly disrupt cyber criminal activities,” he added.
Working alongside law enforcement and other technical partners, Bitdefender also played a key role in developing free decryption tools for both GandCrab and REvil, which can be obtained from the No More Ransom website.
At the time of writing, the REvil decryption tool has helped more than 1,400 victims to decrypt their networks without having to pay their attackers, saving an estimated €475m in potential losses, while the GandCrab decryption tools have enabled more than 45,000 decryptions, saving millions more.