Europol: Seven REvil/GandCrab ransomware affiliates were arrested in 2021

Europol announced today the arrests of seven suspects who worked as “affiliates” (partners) for a major ransomware cartel and helped carry out more than 7,000 attacks since early 2019.

The suspects worked as part of the REvil (Sodinokibi) and GandCrab Ransomware-as-a-Service (RaaS) operations.

Both REvil and GandCrab, believed to be operated by the same individuals, created ransomware code that they offered to other cybercriminals for rent.

These renting groups, more commonly known as “affiliates,” would orchestrate intrusions into companies, deploy the ransomware, ask for a ransom, and then split the profits with the REvil/GandCrab coders.

Europol says that since 2019, when the GandCrab ransomware was first spotted and before it rebranded into REvil, the seven suspects carried out attacks in which they collectively asked for more than €200 million ($230 million) in ransom demands.

Since February this year, Europol said it’s been working with law enforcement agencies and security firms such as Bitdefender, KPN, and McAfee, to apprehend some of these affiliate groups. According to Europol, arrests have been made in:

  • February, April, October – three REvil and GandCrab affiliates arrested in South Korea
  • October – one REvil affiliate arrested in Europe
  • November 4 – two REvil affiliates arrested in Constanta, Romania
  • November 4 – one GandCrab affiliate arrested in Kuwait

These arrests come after western countries, led by the US, promised to crack down on ransomware gangs earlier this summer.

The decision to go after ransomware operators comes after ransomware attacks hit their peak this year, with groups launching attacks that crippled industry sectors for days — such as the attack on Colonial Pipeline this May, which stopped 45% of all fuel supply to the US East Coast.

Bitdefender, who participated in the Europol-led crackdown against the GandCrab/REvil gang, also released a universal decrypter for past REvil victims on September 16. The Romanian company also released free decrypters for the GandCrab version, all of which can be downloaded from the NoMoreRansom portal.

An eighth GandCrab affiliate was detained in Belarus in August 2020, but the arrest was not part of the Europol joint investigation.

The post Europol: Seven REvil/GandCrab ransomware affiliates were arrested in 2021 appeared first on The Record by Recorded Future.
