Authorities are tightening the noose around REvil, a gang of cybercriminals behind one of the deadliest strains of ransomware.
On Monday, November 8, the United States announced the arrest of 22-year-old Ukrainian Yaroslav Vasinsky in Poland. U.S. officials blame him in particular for being "related" to REvil and responsible for the attack on Kaseya in July. By attacking this American company, which specializes in digital services, the hacker(s) were able to infect a large number of its customers. The attack made an impression through its size and technique: ransomware attacks usually target one company at a time.
Mr. Vasinsky was arrested on October 8 while on a flight from Ukraine to Poland, Attorney General Merrick Garland, who is also the Minister of Justice, told a news conference.
Ransomware is malicious software that disables a system and demands a ransom to unlock it. An essential link in a ransomware attack is the "affiliates": they are responsible for infiltrating the victims' computer networks with ransomware created by the gang. Malware writers are generally responsible for extorting money from victims. The extorted sums are then shared between the developers and their affiliates.
Two more arrested in Romania
A little earlier, Europol had already announced that four people suspected of being associated with REvil had been arrested in Romania. Two of them were arrested in the coastal city of Constanta on Thursday, November 4, and were remanded in pre-trial detention by Romanian police following a joint investigation between Germany, France and Romania, the latter announced. French investigators were on the ground. The two men are suspected of attacking 5,000 victims and extorting half a million dollars (approximately 430,000 euros).
Europol also said that two Gandcrab affiliates have been arrested by Kuwaiti police. Gandcrab is a gang behind another highly active strain of ransomware that is said to have been dismantled in May 2019, but most experts believe the same individuals are responsible for REvil. Europol also announced the arrest of several suspected hackers by South Korean authorities, noting whether they are suspected of collaborating with Gandcrab or REvil. Overall, this brings to seven the number of cybercriminals arrested in connection with the REvil and Gandcrab ransomware attacks in recent months.
REvil has also been hit in the wallet: U.S. officials announced they had seized more than $6 million in cryptocurrencies extorted by an affiliate believed to be 28-year-old Yevgeny Balion. The latter is still in hiding, but he has been indicted by American justice. REvil affiliates have been accused of extorting more than $200 million in total. The Department of the Treasury also sanctioned Chatex, a cryptocurrency exchange, and three related companies. U.S. officials accuse cybercriminals of extorting money from victims.
The noose tightens around REvil
The arrests and the seizure of funds are the result of significant efforts in recent months by several countries, including the United States and France, to crack down on the criminal ransomware industry, which has caused immeasurable damage around the world. REvil was a particular target: in the United States, officials were especially stung by two of the group's attacks. In addition to Kaseya, the activity of the food group JBS was badly hit by the hackers in June.
Activities targeting this group have increased in recent months. Many German media outlets recently revealed that investigators from across the Rhine were able to identify one of REvil's masterminds. This person, whose identity is known to journalists but whose name has not been made public, is not one of the two suspected hackers whose indictments were released Monday by the United States.
According to various American media, the FBI and the U.S. military's Cyber Command infiltrated a portion of the infrastructure used by REvil in the summer, significantly disrupting the hackers' activities and allowing them to obtain valuable information. According to the Washington Post, US law enforcement agencies, once there, discovered that a foreign country had already successfully hacked REvil.
This foreign country may be a European one. In fact, Europol revealed the existence of Gold Dust, an operation common to many states on the continent, which has been investigating REvil for two years and whose investigations have led to the arrest of the two Romanians in particular.