Europol arrested multiple REvil ransomware affiliates

In the latest law enforcement action, the Romanian police arrested two ransomware suspects, who are believed to be connected to the notorious REvil ransomware.

The Romanian Organized Crime and Terrorism Investigation Agency and judicial agencies have also conducted multiple searches of the suspects' residences and seized mobile devices and documents.

On the same day, Kuwaiti government agencies arrested suspects related to GandCrab ransomware, and South Korean police also arrested suspects related to it.

Europol report

Seven suspects related to REvil and GandCrab ransomware were arrested in a joint operation, and the relevant investigation is still ongoing.

On the issue of ransomware attacks, the Biden administration of the United States has issued multiple orders, including but not limited to offering huge rewards for relevant leads from internet users around the world.

The investigation was led by Romania and then coordinated by Europol. Seventeen countries participated: Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, the Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom, and the United States.

Europol stated that there is evidence that REvil is the successor of GandCrab. The complication is that the core group of REvil may be located in Russia, where these law enforcement agencies do not have the right to carry out operations.

At present, this ransomware uses the so-called ransomware-as-a-service model, in which peripheral affiliates are responsible for providing data or other supporting services to the core group.

Therefore, the core group's operations will be affected once its peripheral affiliates are taken down, but Europol has not yet announced the progress of its investigation into the relevant extortion group.