Ransomware gang behind worst cyberattack of the year caught

The REvil gang carried out extortion attacks against JBS and Kaseya with severe impact, and several of its members have now been arrested by police;

Previously, the U.S. FBI and U.S. Cyber Command had made repeated attempts to infiltrate the REvil gang's infrastructure;

The global joint law enforcement campaign against ransomware has been effective. Recently, REvil/GandCrab/Clop and other ransomware-related personnel have been arrested, and the infrastructure has been offline.

International law enforcement agencies have arrested at least five people suspected of being linked to the REvil ransomware gang. Earlier this year, the REvil gang launched disastrous cyberattacks against Kaseya Software and JBS Foods.

According to a statement released by Europol on Nov. 8, Romanian authorities arrested two individuals suspected of being linked to REvil on Nov. 4. In addition, three other REvil gang suspects were caught in the first half of this year, so a total of five people have been arrested and brought to justice.

The hackers are accused of launching around 5,000 ransomware attacks and collecting around 500,000 euros ($579,000) in ransom. Many ransomware gangs supply their own malware to affiliates, who then use it to attack victims, in a model known as "ransomware-as-a-service" (RaaS).

US also indicts a REvil gang member

A Ukrainian man has been indicted in the United States for participating in 2,500 ransomware attacks and accumulating ransom demands of hundreds of millions of dollars, according to court documents released in Dallas on Monday.

The indictment names Yaroslav Vasinskyi, who faces multiple charges including conspiracy to commit fraud and other computer crimes in connection with multiple ransomware attacks by the REvil gang. Prosecutors stressed that Vasinskyi "knowingly" conspired to sabotage U.S. computer systems. It is unclear whether Vasinskyi is one of the five arrested REvil gang members.

REvil, short for “Ransomware-Evil”, is considered one of the most active ransomware gangs in the world. The gang is accused of launching a series of attacks on a number of companies and institutions this year, with well-known victims including Brazilian meat supplier JBS and Miami-based technology manufacturer Kaseya. JBS paid the $11 million ransom, while Kaseya said it refused to give in to the hackers.

Global Intensive Joint Law Enforcement

U.S. President Joe Biden has made fighting ransomware a priority for his administration. Earlier this year, the White House invited more than 30 countries to join the Anti-Ransomware Initiative, whose stated goals include improving cybersecurity and disrupting the ransomware economy (especially cryptocurrencies commonly used in ransomware).

Europol also said that, after seizing infrastructure used by REvil and conducting investigative measures such as surveillance, law enforcement agencies identified other affiliates that rented ransomware from the gang.

In addition to the arrests of REvil members, Europol has also cracked down this year on two affiliates of another prolific ransomware gang, GandCrab.

The arrests, announced Monday, are part of Operation GoldDust, a larger international investigation conducted by law enforcement agencies from 17 countries, including the United States, the United Kingdom, France and Germany.

“This represents a historic collective offensive by 17 countries against the cybercriminal coalition,” said Tom Kellermann, head of cybersecurity strategy at VMware. “Operation GoldDust has already had a meaningful impact in the fight against ransomware attacks.”

But he also added, “Destructive cyberattacks will continue and become more systematic. Collective action among like-minded countries must be strengthened, as well as increased confiscation of digital currencies involved in cybercriminal activities.”

Also known as Sodinokibi, REvil made its debut in 2019. This Russian-speaking gang is notorious for staggering ransom amounts, aggressive attack posture, and high-profile targeting. They also maintain a “Happy Blog” page on the dark web dedicated to leaking or auctioning off files stolen from victims’ computers.

According to the IBM Threat Intelligence Index, the gang made at least $123 million in profits in 2020 and stole about 21.6 terabytes of data.

The REvil website disappeared from the dark web in July and reappeared in September, but disappeared again soon after. According to a Washington Post report, in October this year U.S. Cyber Command and a foreign government intruded into the gang's servers and took its website offline. REvil's website did not last long after it was restored.

Multiple ransomware gangs hit

Law enforcement around the world has been putting enormous pressure on criminal activity this year as ransomware attacks against critical infrastructure, healthcare, businesses and educational institutions escalate.

These enforcement activities have resulted in the arrest of multiple ransomware gang members and the dismantling of infrastructure, including:

Netwalker ransomware website seized, Canadian affiliate arrested;

Two members of a ransomware gang arrested on suspicion of involvement in about 100 cyberattacks;

12 ransomware attackers apprehended, who had targeted 1,800 victims in 71 countries;

6 members of Clop ransomware arrested.

Law enforcement pressure has also led ransomware gangs to shut down their operations voluntarily as they sense that authorities are beginning to crack down on such activity. This includes the recently shut down REvil and BlackMatter sites, as well as the Avaddon ransomware shutdown in June.

While ransomware gangs may suspend their operations, that doesn’t mean law enforcement has given up on bringing them to justice. This week, the U.S. State Department announced a $10 million reward to identify or locate key leaders of the DarkSide/BlackMatter ransomware gang.

Author: Yoyokuo