Europol arrests three suspects possibly involved in major ransomware activities

Image: Shutterstock/metamorworks

Europol announced contiguous 3 arrests of individuals who whitethorn beryllium progressive successful ransomware activities crossed the world. The suspects are allegedly liable for 5,000 infections, which represented astir fractional a cardinal Euros successful ransom payments.

Two individuals suspected of deploying the Sodinokibi/REvil ransomware person been arrested by the Romanian authorities, portion different idiosyncratic has been arrested successful Kuwait.

These arrests are connected to erstwhile instrumentality enforcement operations from February 2021, bringing the fig of arrests related to the Sodinokibi/REvil and GandCrab ransomwares to seven.

The Sodinokibi/REvil ransomware

The ransomware known arsenic Sodinokibi appeared successful April 2019 and revealed similarities successful its codification with different ransomware, dubbed GandCrab. Threat researchers judge it is highly probable that it was programmed by the aforesaid developers.

Sodinokibi has been 1 of the astir notorious ransomware threats successful 2021. It works successful a Ransomware-as-a-Service (RaaS) model, wherever the main transgression enactment (generally called REvil) provides the malware codification and updates to affiliates who dispersed it and grip the infections. Once a ransom is paid, the profits are shared betwixt the affiliates and the REvil cybercriminals.

In 2020, the radical became celebrated by launching several precocious illustration attacks targeting companies similar wealth transportation work Travelex, Honda, Jack Daniels shaper Brown-Forman and instrumentality steadfast Grubman Shire Meiselas & Sacks, which represents large figures similar erstwhile president of the US Donald Trump and artists similar Madonna and Robert De Niro.

SEE: Ransomware: What IT pros request to cognize (free PDF) (TechRepublic)

Operation GoldDust

Several efforts person been coordinated since 2019 to assistance combat the Sodinokibi/REvil attacks. France, Germany, Romania, Europol and Eurojust built a associated probe squad connected that ransomware successful May 2021, portion institution Bitdefender, successful collaboration with instrumentality enforcement, made a instrumentality disposable connected the No More Ransom website to retrieve files encrypted earlier July 2021.

A erstwhile probe led by Romania and involving respective different countries focusing connected the GandCrab ransomware household helped merchandise 3 much decryption tools connected the No More Ransom website and provided leads to Operation GoldDust. Those tools saved much than 49,000 systems and implicit €60 cardinal successful unpaid ransom according to Europol.

Operation GoldDust is portion of a wider four-year operation, which coordinated 19 instrumentality enforcement agencies successful 17 countries : Australia, Belgium, Canada, France, Germany, The Netherlands, Luxembourg,  Norway, Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom and the United States.

SEE: Companies that wage ransomware attackers get thumbs down from consumers (TechRepublic)

More and much arrests

The monolithic maturation of ransomware activities wrong the past years person raised it to a apical precedence for instrumentality enforcement agencies astir the world. The US Department of Justice decided last June to elevate investigations connected ransomware attacks to the aforesaid level of precedence arsenic coercion successful the US.

In 2020, Chainalysis, a institution specialized successful analyzing cryptocurrencies transfers, reported that the full magnitude paid by ransomware victims accrued by 311% this twelvemonth to scope astir $350 cardinal worthy of cryptocurrency.

In February 2021, the South Korean National Police announced the apprehension of a 20-year-old suspected of being a GandCrab ransomware affiliate. Another GandCrab affiliate, a 31-year-old man, had been arrested successful July 2020 successful Belarus.

Last month, 12 individuals suspected of being progressive successful ransomware activities successful narration to LockerGoga, MegaCortex and Dharma ransomware were arrested successful a associated effort from 8 countries.

While Europol announced its occurrence with Operation GoldDust, the US Department of Justice revealed charges against Yaroslav Vasinskyi, a 22-year-old arrested successful Ukraine past month, and  Yevgeniy Polyanin, a 28-year-old Russian national. Both are suspected of conducting Sodinokibi/REvil ransomware attacks against aggregate victims.

The caller arrests are causing immense ripples successful the satellite of ransomware menace actors, who thought they would debar being caught by utilizing cryptocurrencies and darknet infrastructures.

According to CoveWare, the astir communal onslaught vector utilized by Sodinokibi/REvil is via RDP sessions, followed by phishing emails and software/hardware vulnerability exploitation. Those archetypal compromise methods are utilized by different actors successful the ransomware tract arsenic well.

For advice connected the champion ways to support your organization from the menace of ransomware attacks, cheque retired this TechRepublic article.

Author Cedric Pernet is simply a menace adept with a beardown absorption connected cybercrime and cyberespionage. He presently works astatine Trend Micro arsenic elder menace researcher.

Also see

• How to hole your squad to code a important information issue (TechRepublic)
• Checklist: Securing integer information (TechRepublic Premium)
• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)
• How to forestall different Colonial Pipeline ransomware attack (TechRepublic)