Crackdown on REvil Ransomware Operators Results in Multiple Arrests, Recovery of $6 Million Extorted from Victims

Filip TRUȚĂ

November 09, 2021


Actions taken against REvil affiliates ended with one arrest and the recovery of $6 million extorted from ransomware victims, the US Justice Department announced today. Romanian authorities have also detained two affiliates, bringing the number of REvil arrests to seven.

Yaroslav Vasinskyi, 22, a Ukrainian national, has been charged with conducting ransomware attacks against multiple victims, including the widely publicized July attack against several US companies.

Authorities also seized $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting REvil ransomware attacks against multiple victims.

“Through the deployment of Sodinokibi/REvil ransomware, the defendants allegedly left electronic notes in the form of a text file on the victims’ computers,” according to the US Department of Justice. “The notes included a web address leading to an open-source privacy network known as Tor, as well as the link to a publicly accessible website address the victims could visit to recover their files. Upon visiting either website, victims were given a ransom demand and provided a virtual currency address to use to pay the ransom. If a victim paid the ransom amount, the defendants provided the decryption key, and the victims then were able to access their files. If a victim did not pay the ransom, the defendants typically posted the victims’ stolen data or claimed they sold the stolen data to third parties, and victims were unable to access their files.”

The $6.1 million seized from Polyanin is allegedly traceable to ransomware attacks and money laundering committed using Sodinokibi/REvil ransomware.

The two threat actors are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, multiple counts of damage to protected computers, and conspiracy to commit money laundering. They face more than a century in prison if convicted of all counts.

Vasinskyi was taken into custody in Poland, where he is being held by authorities pending his requested extradition to the United States. In parallel with this arrest, interviews and searches were carried out in multiple countries, leading to the detention of several other REvil affiliates.

Romanian authorities have also arrested two affiliates of the REvil ransomware operation responsible for 5,000 infections. Since February 2021, law enforcement officers have arrested three other affiliates of REvil, plus two GandCrab suspects, bringing the total number of arrests to seven.
