Ukrainian Cyber Police have arrested two operators of an unnamed ransomware. It is reported that the operation was carried out jointly by the Ukrainian and French police, the FBI, Europol and Interpol. The suspects are believed to have been involved in attacks on 100 North American and European companies, “earning” in this way over $ 150 million.
A press release from the Ukrainian cyber police states that the authorities have arrested a 25-year-old resident of Kiev. Searches were carried out at the place of residence of the suspect and in the homes of his relatives, as a result of which computer equipment, mobile phones, vehicles, more than $ 360,000 in cash were seized, and about $1.3 million in cryptocurrency were blocked.
In total, the hacker attacked more than 100 foreign companies in North America and Europe. Among the victims are world-famous energy and tourism companies, as well as equipment developers. The hacker demanded a ransom to restore access to the encrypted data. The damage caused to the victims reaches $ 150 million.
Cyber Police of Ukraine reports.
In turn, Europol reports the arrest of two hackers who have been active since April 2020. At the same time, it is emphasized that this group “is known for its extortionate demands for a ransom from 5 to 70 million euros.”
The organised crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files.
Europol reports.
Due to the mention of such large ransom amounts, some information security experts suggested that two suspects may be associated with the ransomware group REvil.
That certainly sounds like REvil ransomware. The Kaseya ransom demand was famously $70 Million, and the average person may think REvil started in April 2020, with the famous hack of Grubman Shire Meiselas & Sacks happening about that time. For malware researchers, the timeline wouldn’t work, as REvil/Sodinokibi was being discussed as early as April 2019 by research teams like @cybereason and their @CR_Nocturnus team – but again – “the public” may not consider that to be the start.
For example, @GarWarner, researcher of Malware, Terrorism & Social Networks of Criminals writes.
Let me remind you that the Cyber Police of Ukraine arrested persons linked with the Clop ransomware.