Seven suspects of the ransomware criminal organization 'REvil' are arrested one after another around the world for Europol's 'GoldDust' operation



On November 8, 2021, the European Criminal Police Organization (

Europol) announced that seven suspects of the cybercriminal organization 'REvil (Sodinokibi) ' using ransomware and related organizations were in Korea, Romania, Poland and Kuwait one after another. Announced that he was arrested in. The U.S. Department of Justice also announced on the same day that Ukrainians arrested in Poland have been charged with ransomware attacks on IT management service Kaseya and are in the process of being handed over.

Five affiliates to Sodinokibi / REvil unplugged | Europol
https://www.europol.europa.eu/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged

Ukrainian Arrested and Charged with Ransomware Attack on Kaseya | OPA | Department of Justice
https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya

Europol: Seven REvil / GandCrab ransomware affiliates were arrested in 2021 --The Record by Recorded Future
https://therecord.media/europol-seven-revil-gandcrab-ransomware-affiliates-were-arrested-in-2021/

An alleged member of the REvil ransomware gang was arrested in Poland --The Verge
https://www.theverge.com/2021/11/8/22770701/revil-ransomware-arrest-kaseya-crypto-europol-cybersecurity

Since 2018, Europol has been investigating 'GandCrab', the largest ransomware criminal organization at the time, which caused more than 1 million victims, and based on the results, Australia, Belgium, Canada, France and Germany・ Launched the 'Gold Dust' operation in which 17 countries including the Netherlands, Luxembourg, Norway, Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom, and the United States participated, and embarked on a full-scale investigation into GandCrab. .. According to Europol, GandCrab is the predecessor of REvil, known for its large-scale ransomware attacks on JBS, a global meat giant, and Kaseya, an international company that handles IT management services.



Europol, who was investigating GandCrab and its derivative REvil, arrested three REvil and GandCrab officials in South Korea in February, April, and October 2021. In addition, one REvil official who was directly involved in the attack on Kaseya was arrested in Poland in October, and two REvil officials were arrested in Romania on November 4, with GandCrab officials on the same day. Each was arrested in Kuwait. This brings the total number of people involved in GandCrab and REvil arrested so far to seven.

According to a report released in February 2021, REvil earned about $ 123 million in 2020 alone. Furthermore, in 2021, the activities became more active,

targeting Apple , Acer , Kajima Construction , a major Japanese general contractor, etc., and in July, a large number of managed service providers and theirs were attacked by Kajima mentioned above. It caused enormous damage to customers.

In connection with this attack on Kaseya, the U.S. Department of Justice was arrested in Poland in October for conducting multiple ransomware attacks, including the July 2021 attack on Kaseya, 22 years old. Yaroslav Vasinskyi, a Ukrainian in the country, has been accused and is in the process of handing over his identity. '



The U.S. Department of Justice has also charged Yevgeniy Polyanin, a 28-year-old Russian who is a REvil official other than the seven mentioned above, with the funds held by the suspect on the cryptocurrency exchange FTX 610. Announced that it has seized 10,000 dollars (about 690 million yen). However, Polyanin was not arrested at the time of writing the article.

The indictment only states that Vasinskyi and Polyanin colluded with members of REvil to attack, and did not reveal what they did. However, if all charges were found in court and both suspects lost, the two could each be sentenced to 100 years or more in prison.

Attorney General Merrick Garland said in a statement, 'Our message is clear. The United States, along with its allies, identifies the perpetrators of the ransomware attack, makes judgments, and regains the money the criminals stole from the victims. I will do my best to do that. '

in Security, Posted by log1l_ks