REvil ransomware gang members and affiliates arrested in multiple raids

REvil ransomware gang members and affiliates have been arrested across the globe as law enforcement and authorities continue to target ransomware operators.

Confirming what had been suspected since REvil announced it was shutting down on Oct. 18, the U.S. Department of Justice said two foreign nationals linked to REvil were arrested last month. The indictment, only unsealed today, named Varosalv Vasinskyi, a 22-year-old Ukrainian national, with conducting ransomware attacks, including the attack of Kaseya Ltd in July.

A second man, Russian national Vevgeniy Polyanin, 28, was also charged for his role in REvil attacks, including an attack targeting business and government entities in Text on or about Aug. 16, 2019. There were multiple ransomware attacks in Texas at the time. The first was an attack on City of Del Rio, followed by a separate attack on 23 local governments in Texas less than a week later.

While those two were arrested last month, further arrests have also been disclosed. The European Union Agency for Law Enforcement Cooperation said other ransomware affiliates had been arrested.

Two were arrested on Nov. 4 by Romanian authorities and are alleged to have been responsible for 5,000 infections and had pocketed a half-million Euros in ransom payments. Europol added that since February, authorities have also arrested three other affiliates of REvil and two connected to GandCrab, a different ransomware gang. Three more REvil and GandCrab affiliates were arrested in South Korea at various times throughout the year, while on Nov. 4, authorities in Kuwait arrested another GandCrab affiliate.

The arrest of those linked to REvil comes as the U.S. Department of State offers multimillion-dollar rewards that target the gang. Coming after the announcement of rewards to track down the DarkSide ransomware gang Nov. 4, the State Department is offering up to $10 million for information leading to the identification or location of any individual holding a key leadership position in REvil, also known as Sodinokibi. Up to $5 million is on offer for information leading to the arrest or conviction of any individual involved in a REvil attack.

The reward money is being offered through the Department of State’s Transnational Organized Crime Rewards Program.

“Any arrest is a good arrest when it comes to ransomware,” John Bambenek, principal threat hunter at information technology and security operations company Netenrich Inc., told SiliconANGLE. “The key to being successful is operating in places outside of the reach of authorities. The actual penalties, however, are all over the map. It depends on many factors, including how useful the offender is to helping authorities catch bigger fish.”

Rick Holland, chief information security officer and vice president strategy at digital risk protection solutions firm Digital Shadows Ltd., agreed, calling the arrests good news, but he did provide a warning.

“Other criminal actors will be waiting in the wings to fill the void and the long-term implications of the arrests are yet to play out,” Holland explained. “In addition, these law enforcement actions result in cybercriminal innovation as the threat actors seek to improve their OPSEC and tradecraft to avoid getting arrested in the future. Over time, law enforcement arrests cull the herd.”

Photo: Europol

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source: Siliconangle

Recent Articles

Related Stories

Stay on op - Ge the daily news in your inbox