REvil members in custody after arrests in Kuwait and Romania

December 10, 2021

On November 4, Kuwaiti law enforcement arrested three GandCrab ransomware affiliates who are also believed to be connected with REvil. The three individuals are suspected of numerous ransomware attacks and are asking for a $200 million ransom payment from their victims.

On the same day, law enforcement authorities in Romania arrested two suspects, also believed to be REvil ransomware affiliates. Both suspects are identified as the threat actors responsible for attacking thousands of victims. The Romanian Directorate for Investigating Organized Crime (DIICOT) and police authorities carried out four home searches in Constanța, Romania, and confiscated mobile devices, laptops, and storage media.

Overall, as of today, the efforts of most law enforcement agencies have resulted in the arrest of 7 alleged REvil ransomware affiliates since February. In addition, three other persons suspected of being REvil ransomware affiliates were arrested in South Korea, and another one was arrested in Europe last month.

Multiple successful arrests of cybercriminals by authorities worldwide have struck fear in the hearts of threat actors, including REvil.

The European Union Agency announced that the arrests are the collective result of several individuals and Operation GoldDust. GoldDust is a joint effort of law enforcement agencies from 17 countries, Europol, INTERPOL, and Eurojust.

Moreover, Europol said that it has been supporting an investigation led by Romanian authorities targeting the GandCrab ransomware strain, with the cooperation of law enforcement officers from multiple countries, such as the US and the UK. Europol added that all of these arrests can be attributed to the joint international law enforcement efforts to identify, wiretap, and exfiltrate some of the infrastructure used by the REvil ransomware variant, which is also seen as the second coming of GandCrab.

The world realizes that the REvil head is safe, so it tries to cut off the limbs.

These recent apprehensions show that law enforcement agencies across the globe have realized that they cannot get to the leading ransomware gang operators inside Russia. Fortunately, REvil’s Ransomware-as-a-Service operations can easily be thrown into confusion by arresting ransomware affiliates located in different countries worldwide.

Finally, the US Deputy Attorney released an announcement that the United States will crack down on ransomware activities.
