REvil: Day of showdown for the infamous cyber gang

A global police operation dealt a devastating blow to one of the most prolific cybercriminal gangs in history.

The coordinated action against the REvil gang was announced on Monday by the Romanian police, the United States Department of Justice (DOJ) and Europol.

The raids, which took place both online and offline, led to the arrest of two alleged hackers in Romania and one in Ukraine.

REvil has been accused of major attacks on global businesses in recent years.

The US also announced that it has successfully recovered more than $ 6 million (£ 4 million) in cryptocurrency from the gang in a so-called ‘claw back’ hack.

For the past three years, REvil – who used to be called GandCrab and is also known as Sodinikobi – has attacked companies and institutions around the world.

Europol’s operation, called GoldDust, was created specifically to address the group. Since February, the operation has resulted in 7 arrests of the hacker gang in total in Romania, Ukraine, South Korea and Kuwait.

The agents say that the two Romanians arrested on November 4 have infected 5,000 victims and pocketed half a million euros in ransom.

In recent weeks, the leaders of REvil have announced that pressure from the authorities had forced them to close operations.

In May, REvil’s ransomware targeted the world’s largest meat producer, JBS SA, stopping meat production for several days. The company ultimately paid $ 11 million to the hackers.

The group’s malware also caused months of downtime for currency exchange company Travelex, which took all computer systems offline for weeks.

Most recently, the gang successfully hacked Florida-based software company Kaseya, which subsequently infected up to 1,500 companies worldwide.

The US Treasury Department said more than $ 200 million in ransoms in Bitcoin and Monero were paid in the attack.

The Justice Department says Yaroslav Vasinskyi, 22, a Ukrainian man arrested in Poland last month, was responsible and indicted him. The United States is trying to extradite him for trial in America.

Another alleged agent of REvil, Russian Yevgeniy Polyanin, 28, has also been accused by the United States of conspiracy to commit fraud and conspiracy to commit money laundering, among other charges.

Russia is unlikely to extradite its citizen to the United States, so Polyanin is expected to join a growing list of allegedly wanted Russian hackers.

The Treasury Department added that the two men face penalties for their alleged role in US ransomware incidents.

Court documents also accused a virtual cryptocurrency exchange called Chatex of “facilitating financial transactions for ransomware actors.”

FBI Director Christopher Wray told reporters Monday, “The long arm of the law goes much further than they think.

“The cyber threat is daunting, but when we combine the right people, the right tools and the right authority, our adversaries cannot compete with what we can accomplish together.”

The good news is rare in cybersecurity, especially in the past 18 months when the wave of ransomware attacks has targeted everything from public institutions to schools and hospitals.

But this is unequivocally great news.

REvil was arguably the most prolific and dangerous cyber criminal gang ever and operated with absolute confidence and arrogance.

Not only were their attacks indiscriminate, but they had a website they sarcastically called their “happy blog” where they would name and shame victims who didn’t pay their ransoms.

They even had a live chat portal and were happy to brag about their work with reporters like me.

This multinational police operation is extremely impressive in its coordination and aggression and shows exactly what can be done to attack these cybercriminals on all fronts.

This is likely the end of REvil, and along with other recent success stories, it looks like a game changer in the fight against ransomware.

But with many of the criminal gangs believed to operate in Russia immune from prosecution, it probably won’t be the end yet.