Techrecipe

Europol arrests suspects in ransomware gangs

The European police agency Europol announced on November 8 that seven suspects connected to REvil (Sodinokibi), a cybercriminal organization that uses ransomware, had been arrested one after another in Korea, Romania, Poland, and Kuwait. U.S. law enforcement officials announced on the same day that a Ukrainian arrested in Poland had been charged over a ransomware attack on the IT management service Kaseya and that extradition proceedings are underway.

Europol started Operation GoldDust in 2018, with 17 countries participating, including Australia, Belgium, Canada, France, Germany, Netherlands, Luxembourg, Norway, Philippines, Romania, Korea, Sweden, Switzerland, Kuwait, United Kingdom, and the United States. The operation launched an investigation into GandCrab, the largest ransomware crime syndicate at the time, which claimed more than 1 million victims. According to Europol, GandCrab is the predecessor of REvil, which is known for large-scale ransomware attacks against JBS, a global meat conglomerate, and Kaseya, an IT management service company.

In the course of the investigation into GandCrab and its derivative REvil, three people linked to REvil and GandCrab were arrested in Korea in February, April and October of 2021. In October, one person linked to REvil who was directly involved in the attack on Kaseya was arrested in Poland; on November 4, two people linked to REvil were arrested in Romania, and on the same day, a person linked to GandCrab was arrested in Kuwait. A total of seven people related to GandCrab and REvil have therefore been arrested so far.

According to a report released in February 2021, REvil earned $123 million in 2020 alone. In 2021 the group stepped up its activities, targeting Apple and Acer one after another, and in July the Kaseya attack caused tremendous damage to many customers.

In connection with the attack on Kaseya, U.S. law enforcement officials announced on November 8 that they had charged a 22-year-old Ukrainian (Yaroslav Vasinskyi), arrested in Poland in October, with several ransomware attacks, including the July 2021 attack on Kaseya. They also announced that extradition procedures are being carried out.

U.S. judicial authorities also announced that, apart from the seven mentioned above, they have indicted a 28-year-old Russian (Yevgeniy Polyanin), who is linked to REvil, as a suspect and seized $6.1 million in funds the suspect held at the crypto-asset exchange FTX. He has not yet been arrested.

The indictment explains that the suspects conspired with members of REvil and carried out the attacks, but does not specify what actions they took. If both suspects are found guilty at trial, each of them could be sentenced to more than 100 years in prison.