Ukraine’s cyberpolice identified the operators behind the spread of the ransomware. The international operation involved Europol, Interpol, French authorities and the U.S. FBI.
According to the cyberpolice, the hacker used the malware to attack more than a hundred companies in the US and the EU and demanded ransoms for data decryption ranging from €5 million to €70 million. He had an accomplice who helped launder the funds.
The attacker compromised remote-work software and also distributed the malware via phishing campaigns targeting corporate email accounts. The damage exceeded $150 million.
During searches, investigators seized $360,000 in cash (Europol’s statement cites $375,000), equipment and vehicles. $1.3 million in cryptocurrency was blocked on the hacker’s wallets.
The Ukrainian cyberpolice reported only one suspect; Europol announced two arrests. ForkLog reached out to the cyberpolice for comment, but as of publication had not received a response.
Some cybersecurity experts suggested that the identified perpetrators were linked to the ransomware group REvil.
That certainly sounds like #REvil #ransomware. The #Kaseya ransom demand was famously $70 Million, and the average person may think REvil started in April 2020, with the famous hack of Grubman Shire Meiselas & Sacks happening about that time.
— GarWarner (@GarWarner) October 4, 2021
Earlier, in June, Ukrainian law enforcement reported identifying the hackers behind the Clop ransomware. ForkLog’s source said that the searches were conducted not at members of the hacker group but at OTC traders through whom the ransomware operators’ bitcoins passed.
