POST Online Media Lite Edition


Romania arrests individuals suspected of cyber attacks deploying Sodinokibi REvil ransomware

Christian Fernsby
Romanian authorities arrested two individuals suspected of cyber attacks deploying the Sodinokibi REvil ransomware.

They are allegedly responsible for 5 000 infections, which in total brought in half a million euros in ransom payments. Since February 2021, law enforcement authorities have arrested three other affiliates of Sodinokibi REvil and two suspects connected to GandCrab.

These are some of the results of operation GoldDust, which involved 17 countries, Europol, Eurojust and INTERPOL. Participant countries were Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom, and the United States.

All these arrests follow joint international law enforcement efforts to identify, wiretap and seize some of the infrastructure used by the Sodinokibi REvil ransomware family, which is seen as the successor of GandCrab.

Since 2019, several large international corporations have faced severe cyber-attacks, which deployed the Sodinokibi REvil ransomware. France, Germany, Romania, Europol and Eurojust reinforced the actions against this ransomware by setting up a Joint Investigation Team in May 2021.

Bitdefender, in collaboration with law enforcement, made a tool available on the No More Ransom website that would help victims of Sodinokibi REvil restore their files and recover from attacks made before July 2021.

In the beginning of October, a Sodinokibi REvil affiliate was arrested at the Polish border after an international arrest warrant was issued by the US. The Ukrainian national is suspected of perpetrating the Kaseya attack, which affected up to 1 500 downstream businesses and for which Sodinokibi REvil asked a ransom of about €70 million.

Additionally, in February, April and October 2021 authorities in South Korea arrested three affiliates involved in the GandCrab and Sodinokibi REvil ransomware families, which had more than 1 500 victims.

Kuwaiti authorities arrested another GandCrab affiliate, meaning a total of seven suspects linked to the two ransomware families have been arrested since February 2021. They are suspected of attacking about 7 000 victims in total.

Since 2018, Europol has supported a Romanian-led investigation which targets the GandCrab ransomware family and involved law enforcement authorities from a number of countries, including the United Kingdom and the United States.

With more than one million victims worldwide, GandCrab was one of the world’s most prolific ransomware families. These joint law enforcement efforts resulted in the release of three decryption tools through the No More Ransom project, saving systems and unpaid ransom so far.

The investigation also looked at the affiliates of GandCrab, some of whom are believed to have moved towards Sodinokibi REvil. Operation GoldDust also built on leads from this previous investigation targeting GandCrab.

Many partners have already provided decryption tools for a number of ransomware families via the No More Ransom website. Bitdefender supported this investigation by providing key technical insights throughout the entire investigation, along with decryption tools for both of these highly prolific ransomware families to help victims recover their files.

KPN and McAfee Enterprises are other private sector partners that have also supported this investigation, by providing technical expertise to law enforcement.

Currently, No More Ransom has decryption tools for GandCrab (V1, V4 and V5 up to V5.2 versions) and for Sodinokibi REvil. The Sodinokibi REvil decryption tools helped more than 1400 companies decrypt their networks, saving them almost €475 million in potential losses.

The tools made available for both ransomware families enabled more than 50 000 decryptions, for which cybercriminals had asked about €520 million in ransom.

Europol facilitated the information exchange, supported the coordination of operation GoldDust and provided operational analytical support, as well as cryptocurrency, malware and forensic analysis.

During the action days, Europol deployed experts to each location and activated a Virtual Command Post to coordinate the activities on the ground. The international cooperation enabled Europol to streamline victim mitigation efforts with other EU countries. These activities prevented private companies from falling victim to Sodinokibi REvil ransomware.
