Seven people were arrested in an international operation against cybercriminals behind attacks that operate with ransomware, a type of program that hijacks information to ask for a ransom in return.
The detainees are part of the Russian hacker group REvil, sometimes called Sodinokibi, and the group GandCrab, the European Union law enforcement agency said in a statement.
One of the detainees, a Ukrainian affiliated with REvil, is suspected of having carried out the gigantic ransomware cyberattack that targeted the US computer company Kaseya, putting the data of up to 1,500 corporate clients at risk, Europol said.
Two people were arrested in Romania last Thursday and another in Kuwait. In recent months, three individuals were also detained in South Korea and another in an unspecified European country during an operation called “GoldDust”.
Seventeen countries participated in the operation, as well as Europol, Eurojust – the European agency for judicial cooperation – and Interpol, according to Europol.
“Suspected of some 7,000 infections, the detained affiliates demanded more than 230 million dollars as a ransom,” Europol said.
REvil: who are the arrested cybercriminals
More precisely, the US Government imposed sanctions on Monday on a Ukrainian and a Russian whom it accuses of being behind cyberattacks against US companies, and offered a reward of 10 million dollars for information leading to the arrest of those implicated in a Russian network of hackers.
The US State and Treasury Departments announced these measures in separate statements.
The sanctioned individuals are the Ukrainian Yaroslav Vasinskyi and the Russian Yevgeniy Polyanin, for having perpetrated Sodinokibi / REvil “ransomware incidents” against US targets, the Treasury said.
The Russian group REvil, also known as Sodinokibi, is one of the most prolific and profitable cybercriminal gangs in the world, with more than a million victims.
Washington believes Sodinokibi / REvil is behind this year’s cyberattacks against meat company JBS Foods and software firm Kaseya, which serves more than 40,000 organizations around the world.
According to the US Executive, Vasinskyi used ransomware, a program capable of blocking a computer from a remote location that hijacks its files and does not release them until a ransom is paid, against nine US companies.
Likewise, the Government of Washington accuses him of being responsible for the cyberattack last July against Kaseya, a company based in Florida.
On the other hand, it argues that Polyanin has been behind the hacking of US government institutions and private sector companies.
The Treasury Department has also sanctioned the virtual currency exchange company Chatex “for facilitating transactions” for cyberattacks with “ransomware”.
As a result of the measures announced this Monday, all the properties of those sanctioned under US jurisdiction are blocked and US citizens are prohibited from having transactions with them.
The State Department added that it offers a reward of $10 million for any data that helps identify or locate anyone who holds a leadership position within the Sodinokibi / REvil group.
Likewise, Washington offers 5 million dollars for information leading to the arrest or conviction in any country of individuals who participate or attempt to take part in cyberattacks orchestrated by that gang of hackers.