This one is a sequel to the wonderful news reported last week (whereby the Russia-based #REvil gang was forced offline) … there have now been arrests related to the same!
Last week’s reporting, about a multi-national #lawenforcement operation taking REvil offline, can now be updated to include the arrests of two individuals. This brings the number of Sodinokibi / REvil / GandCrab arrests (all variations of the same odious theme) to seven individuals since February 2021.
These individuals are believed to be responsible for over 7,000 deployments of this complex and devastating ransomware, resulting in hundreds of millions of dollars in extortion revenue. To call this a multi-national effort is to understate things quite a bit; the countries involved in the take-down and related arrests include: Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom, and the United States.
These efforts, in combination with new initiatives from the international law-enforcement community, are most welcome developments. A great example of the changing nature of this ransomware game can be found in the U.S. Department of State’s recent announcement of a $10M “bounty” for information leading to the arrest of those involved with the #Darkside #ransomware activities (q.v., https://lnkd.in/dkxAXXAH).