Ransomware attackers arrested

Two arrested suspected of 5 000 ransomware attacks

Two people suspected of cyber-attacks have been arrested in Romania. They are allegedly responsible for 5 000 attacks that have made companies pay a total of half a million euro. The suspects have been using the Sodinokibi/REvil ransomware, Europol says. REvil stands for Ransomware Evil and is thought to have been behind the attack on beef producer JBS, which said it had paid USD 11 million to get access to its computer system.

US security has said the group behind the ransomware is thought to be Russia-based.


Since February, law enforcement authorities have arrested three other affiliates of Sodinokibi/REvil and two suspects connected to GandCrab ransomware. Europol says the Sodinokibi/REvil ransomware family is seen as the successor of GandCrab.

“Since 2019, several large international corporations have faced severe cyber-attacks, which deployed the Sodinokibi/REvil ransomware.”

France, Germany, Romania, Europol and Eurojust reinforced the actions against this ransomware by setting up a Joint Investigation Team in May 2021. Bitdefender, in collaboration with law enforcement, made a tool available on the No More Ransom website that would help victims of Sodinokibi/REvil restore their files and recover from attacks made before July 2021.

In October, one affiliate was arrested in Europe. Additionally, in February, April and October 2021 authorities in South Korea arrested three affiliates involved in the GandCrab and Sodinokibi/REvil ransomware families, which had more than 1 500 victims. On 4 November, Kuwaiti authorities arrested another GandCrab affiliate, meaning a total of seven suspects linked to the two ransomware families have been arrested since February 2021. They are suspected of attacking about 7 000 victims in total.


Since 2018, Europol says it has supported a Romanian-led investigation which targets the GandCrab ransomware family and involved law enforcement authorities from a number of countries, including the United Kingdom and the United States.

“With more than one million victims worldwide, GandCrab was one of the world’s most prolific ransomware families. These joint law enforcement efforts resulted in the release of three decryption tools through the No More Ransom project, saving more than 49 000 systems and over Euro 60 million in unpaid ransom so far. The investigation also looked at the affiliates of GandCrab, some of whom are believed to have moved towards Sodinokibi/REvil.”

Europol says many partners have provided decryption tools for a number of ransomware families via the No More Ransom website.

