Europol reported on Monday that seven suspects had been arrested in connection with the REvil and GandCrab ransomware operations by law enforcement agencies in many countries.
Three individuals have been apprehended in South Korea, one in Kuwait, two in Romania, and one in an unspecified European country since February. Five of the individuals are suspected of being involved in cyberattacks with the REvil (aka Sodinokibi) ransomware, while the other two are suspected of being involved in GandCrab operations.
The most recent arrests took place on November 4, and they targeted three people in Romania and Kuwait.
Yaroslav Vasinskyi, a Ukrainian national jailed in Poland last month, might be the person apprehended in the undisclosed European country.
According to CNN, the US has requested Vasinskyi’s extradition to face charges relating to the use of REvil ransomware, which was used in the attack on IT firm Kaseya. Vasinskyi and a Russian national, Yevgeniy Polyanin, are likely to face charges on Monday, according to the Justice Department.
Polyanin is also anticipated to announce the recovery of $6 million in ransomware payments from the Justice Department.
It’s worth noting that REvil, which debuted in 2019, has been dubbed a GandCrab replacement. These ransomware families have been employed in assaults on a number of significant corporations, with their operators demanding ransom payments in the millions, if not tens of millions of dollars.
Authorities have increased their efforts against ransomware following a spate of recent assaults, including those on Kaseya and Colonial Pipeline, leading in arrests, hackers announcing shutdowns, and activities being disrupted by law enforcement.
The REvil ransomware was shut down by a law enforcement operation two weeks ago, according to reports.
Europol announced the arrests on Monday as part of the GoldDust law enforcement investigation, which comprised 17 countries. Government agencies worked with cybersecurity companies to conduct investigations, which resulted in the release of decryption tools that, according to authorities, saved businesses hundreds of millions of dollars in potential damages.
REvil has also been linked to the DarkSide malware, which was employed in the attack on Colonial Pipeline. Last Monday, the US government announced a reward of up to $10 million for information leading to the identify or whereabouts of senior DarkSide gang members.
Six people reportedly linked to the Clop ransomware were arrested last week in a global law enforcement operation, according to Interpol.