Police Arrest Five Members Tied to REvil Ransomware

(Bloomberg) — Law enforcement agencies have arrested five people allegedly associated with the prolific ransomware group REvil, which was behind this year’s devastating cyberattacks on Kaseya Ltd and JBS SA.

Romanian authorities arrested two alleged affiliates of the group on Nov. 4, according to a statement released on Monday by European law enforcement agency Europol. A further three arrests of REvil suspects were made earlier this year, Europol said.

The alleged hackers are suspected of involvement in about 5,000 ransomware infections and received about half a million euros ($579,000) in ransom payments.

“REvil,” short for “Ransomware-Evil,” is known as one of the world’s most prolific ransomware gangs. The group is accused of staging several attacks this year against major companies and organizations, including Brazilian meat supplier JBS and Miami-based technology company Kaseya. JBS paid an $11 million ransom, while Kaseya said it declined to pay the hackers.

Europol said that law enforcement agencies had identified the alleged affiliates of REvil after seizing infrastructure used by the group and using investigative methods such as wiretapping.

In addition to the REvil arrests, Europol said that law enforcement agencies also apprehended two alleged affiliates of GandCrab, another prolific ransomware group, this year.

The arrests revealed on Monday were made as part of an international investigation named GoldDust, which involved law enforcement agencies from 17 countries, including the U.S., U.K., France, and Germany.

(Corrects headline to reflect police, not Interpol, made the arrests and corrects amount of ransom received in third paragraph.)


©2021 Bloomberg L.P.
