Ransomware suspects accused of thousands of attacks arrested in global sting
- Operation dubbed GoldDust was carried out in 17 countries
- Arrests were linked to the Russian-based hacker group REvil
An international investigation has struck a blow against hackers alleged to be behind thousands of ransomware attacks.
Operation GoldDust involved 17 countries – including the US, Britain, Germany, France, the Netherlands, Poland, Romania and Canada – as well as Interpol, Europol and Eurojust, an EU agency dealing with judicial cooperation.
The US Department of Justice announced Monday the capture in Poland of a Ukrainian man suspected of being behind cyberattacks including a major one on US service provider Kaseya.
Hundreds of companies in the US and other countries were attacked with extortion software via a vulnerability at Kaseya in early July.
Europol and Eurojust meanwhile announced the arrest of two people in Romania for allegedly using the same REvil software to carry out attacks.
The suspects stand accused of launching around 7,000 attacks against businesses and organisations, in which software was used to lock up the contents of their computers until they received a payment. They allegedly made off with millions of euros.
The two EU agencies announced another five arrests in other countries in previous days.
Eurojust said the cyberattacks were aimed at a wide range of institutions, including companies, local government, hospitals, schools, universities and courts.
French, German, Romanian and Swiss teams were at the core of the European operation, according to Eurojust.
Interpol noted further arrests in Kuwait and South Korea linked to intelligence sharing through the operation.
Extortion software – known as ransomware – sees hackers encrypt data and then demand money for its release.
The REvil group has carried out major attacks in recent months, and demanded US$70 million for a master key to all affected computers in the Kaseya attack.
Because many of Kaseya’s affected customers were IT service providers themselves, the effects of the attack were far-reaching.
In Sweden, the supermarket chain Coop was unable to open hundreds of stores because their checkout systems stopped working.
A few weeks earlier, REvil software paralysed several plants of the world’s largest meat group, JBS, in an attack with a global impact. The hackers collected a US$11 million ransom in cryptocurrencies from the company.
US Attorney General Merrick Garland said at least US$200 million in ransoms has been paid so far in attacks using the REvil software.
The US has requested the extradition of Yaroslav Vasinskyi, a 22-year-old Ukrainian man arrested entering Poland, Garland said.
He said the US Justice Department also seized US$6.1 million allegedly captured by a Russian REvil hacker who was separately charged and remains sought by the FBI.
Yevgeniy Polyanin, who is believed to be in Russia, was accused of conducting roughly 3,000 ransomware attacks on companies and entities across the US, including law enforcement agencies and local governments in the state of Texas.
The US State Department on Monday offered a million-dollar reward for tips leading to the identification or arrest of the REvil group’s leaders or anyone involved in attacks using the software.
It followed a similar reward days earlier concerning the DarkSide hacking group, which the US believes to be behind an attack on America’s biggest gasoline pipeline that temporarily shut down operations completely.
The hackers penetrated the pipeline operator’s computer network and demanded a ransom in the millions, which the company paid.
Additional reporting by Associated Press