Law enforcement agents have apprehended five alleged members of the once-notorious REvil ransomware group. The arrests were made pursuant to an international operation that came hot on the heels of a recent FBI hack that knocked the cyber gang offline.
Notably, the international operation saw the authorities recover a staggering $8.3 million that REvil victims had paid in ransom.
Europol shared the news online and revealed that the operation was planned and executed by law enforcement agents from South Korea, Poland, and Romania. Authorities from these countries apprehended the ransomware masterminds as part of Operation GoldDust, which spanned 17 countries across the world.
Looking back, U.S. law enforcement had issued an international arrest warrant for Yaroslav Vasinskyi, a 22-year-old Ukrainian national who was reported to have orchestrated the world-famous Kaseya cyber attack, which affected an estimated 1,500 firms in a single weekend incident.
Operation GoldDust – REvil and Beyond
The recent aggression by law enforcement agencies and governments against hacker groups points to a changing cybercriminal ecosystem where the scales have started to tip.
The fortunes of ransomware operators are bound to change drastically, considering that these cybercriminal enterprises have long operated unabated by leveraging dark web platforms and widespread corporate ignorance.
According to a Europol press release reporting on the recent developments, the international body facilitated the information exchange process, supported the coordination of activities surrounding Operation GoldDust and gave operational analytical support to the multiagency law enforcement exercise.
Further, Europol intimated that it deployed cyber experts who were instrumental in mapping out the specific locations, which was followed by the activation of a Virtual Command Post designed to streamline the cascade of events that happened on the ground.
It is also worth noting that Europol supported a Romanian-led probe into the burgeoning international cybercrime that was largely blamed on the GandCrab ransomware group – the cybercrime family topped the list of most active ransomware gangs since 2020.
Europol experts discovered that a number of GandCrab affiliates had moved over to the REvil ransomware group even as they continued to wreak havoc across the international corporate arena.
GandCrab ballooned in stature to register a staggering one million victims – a boast that accorded it the title of the world’s most prolific ransomware family. The EU-funded law enforcement operation culminated in the release of three decryption tools that went on to save in excess of 49,000 organizational systems from paying more than 60 million euros in ransom.