This week, Romanian police arrested two individuals accused of carrying out cyberattacks with the REvil ransomware variant, also known as Sodinokibi, as part of Operation GoldDust. In total, the defendants allegedly participated in 5,000 attacks, making hundreds of thousands of dollars in profit.
Coordinated by Europol, Operation GoldDust has led to the arrest of multiple members of different cybercriminal groups through the identification of attackers, the interception of telephone lines, confiscations, and arrests linked to the developers of these malware variants. The operation involves European Union countries such as Belgium, France, Germany, Poland, Romania and Sweden, as well as the United Kingdom, the United States and some regions of Asia.
Europol and justice agencies in Europe have identified REvil as one of the most dangerous cybercriminal infrastructures in the world, and have looked for the best ways to combat the group's operations. The main measures against REvil include the creation of an anti-ransomware team and of a tool that lets victims remove some previous versions of this malware without having to negotiate with the hackers; the tool is available on the No More Ransom platform.
This is not the first such blow REvil operators have received. During the first half of 2021, South Korean police arrested three members of this operation, and in early November the Kuwaiti government announced the arrest of another affiliate. In total, eight REvil members have been arrested since February 2021.
In addition to police collaboration, the work of the cybersecurity community has been instrumental in combating ransomware. Cybersecurity firms and private investigators are constantly working to develop decryption tools that allow victims to reverse the effects of REvil and other ransomware variants.
The No More Ransom platform offers free access to decryption tools for various versions of REvil, GandCrab and other less popular malware variants. According to Europol, these tools have prevented cybercriminals from obtaining some $400 million in ransoms.