This is a rare catch in the ransomware world.
Seven hackers, including a 22-year-old Ukrainian implicated in the giant cyberattack against the Kaseya company in July, have been arrested, according to US and European authorities.
The operation, dubbed “Golddust” or “Quicksand”, involved 17 countries.
It targeted the Russian-speaking hacker group REvil, sometimes referred to as Sodinokibi, and the GandCrab ransomware group, Europol detailed in a statement.
Those arrested are suspected of having carried out "approximately 7,000 infections" around the world with software that encrypts their targets' data, and of having "demanded more than 200 million euros in ransoms" in exchange for the decryption key, the European police agency added.
UPDATE: The Sodinokibi / REvil affiliate intercepted in Oct is suspected of perpetrating the Kaseya #ransomware attack, which affected up to 1,500 downstream businesses & asked € 70 million ransom.
He was arrested at the PL border after the US issued an int'l arrest warrant.
- Europol (@Europol) November 8, 2021
Thousands of victims
The operation's main catch is Yaroslav Vasinsky, alias Robotnik. This Ukrainian is accused of having attacked the American IT company Kaseya on July 2, affecting a thousand of its customers. Among them was the supermarket chain Coop in Sweden, whose stores remained closed for several days. The young man was arrested on October 8 in Poland at the request of the United States, which has also called for his extradition.
Two other hackers, suspected of having claimed 5,000 victims and pocketed half a million euros in ransoms, were arrested in Romania on Thursday.
Another was arrested in Kuwait and three in South Korea, according to Interpol.
US justice authorities also announced the seizure of $6.1 million in cryptocurrency, corresponding to sums extorted by another member of the REvil group, the Russian Evguéni Polianine, during 3,000 attacks carried out in the United States.
Indicted there, he is probably in Russia, possibly in Barnaul in Siberia, according to a wanted notice issued by the US federal police.
Cybersecurity, one of Joe Biden's "priorities"
At the same time, and for only the second time, the American authorities announced sanctions against a cryptocurrency exchange called Chatex, suspected of having been used in ransomware attacks. In addition, the State Department has offered rewards of up to $10 million for any information that would locate or identify the leaders of REvil, considered by experts to be the most formidable group of cybercriminals in the field of ransomware.
Democratic President Joe Biden "praised" these efforts, saying in a statement that he had made cybersecurity one of his "priorities".
He recalled having discussed it in June in Geneva with Russian President Vladimir Putin, whose country is accused of offering a haven to hackers: “I had clearly said that the United States would act to hold these cybercriminals responsible, this is what we have done today”, the American president said.
Ransomware attacks are an increasingly lucrative form of digital hostage taking.
According to the US Treasury, $590 million in ransoms was paid in the United States alone in the first half of 2021, up from $416 million in 2020.