International coalition arrests hackers linked to thousands of ransomware attacks


Romanian authorities have arrested two individuals they say are linked to the use of REvil ransomware as part of a prolific hacking group tied to attacks on several major American companies in recent months. 

Europol on Monday announced the arrests, which took place Thursday, saying that the two individuals are alleged to be behind more than 5,000 cyberattacks and are accused of having gained more than half a million euros in ransom payments made by victims.

The arrests were the latest in a string of operations pursued by a coalition of international partners against REvil, with Europol saying Monday that three other individuals associated with REvil, along with two others associated with a linked cyber crime group, have been arrested since February. 

In total, the seven suspects are alleged to be linked to ransomware attacks that have impacted around 7,000 victims.

The arrests were the result of an international operation involving 17 countries, Europol, Eurojust, and INTERPOL that targeted the individuals behind the REvil ransomware group. Countries participating included the United States, Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, the Philippines, Poland, South Korea, Sweden, Switzerland, Kuwait and the United Kingdom.

Europol also thanked private sector groups for their assistance in the operation, including KPN and McAfee Enterprises, which helped provide decryption keys and technical expertise. 

REvil has been tied to the attacks this year on IT company Kaseya, which resulted in up to 1,500 companies being compromised, and on meat producer JBS USA. 

The U.S. and a coalition of allied countries last month forced the REvil group offline. This was the second operation against REvil. The group went dark shortly after the attack on Kaseya in July, just prior to the FBI and other federal agencies launching a planned operation against it. The FBI chose to withhold a decryption key from Kaseya and other groups impacted by the attack while the operation was ongoing.

The arrests were announced the same day CNN reported that the Justice Department is expected to announce the seizure of $6 million in ransomware payments as part of the arrest of a Ukrainian individual charged with carrying out the attack on Kaseya.

The Justice Department is set to make an announcement regarding a major law enforcement investigation later Monday, but it was not immediately clear if this is linked to the arrests.


Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.