People who have information about the leaders of the REvil and DarkSide ransomware groups, or about affiliates who carried out attacks, are being urged to come forward. The U.S. State Department is offering a reward of as much as $10 million for details that point to the identification or whereabouts of the leaders of the REvil/DarkSide ransomware groups, with as much as $5 million paid for information that leads to the arrest and sentencing of any person who conspired to take part in, or tried to take part in, a REvil/DarkSide ransomware attack. The size of the rewards shows how serious the United States is about bringing the ransomware attackers to justice.
The effort to pressure the ransomware gangs seems to be somewhat effective. According to U.S. National Cyber Director Chris Inglis, there was a noticeable reduction in cyberattacks based in Russia. The DoJ states it is looking at a few more arrests associated with the REvil and DarkSide ransomware attacks in the coming weeks.
Worldwide Law Enforcement Efforts See Several Arrests
The United States isn’t the only nation focused on bringing ransomware attackers to justice. An international law enforcement operation called GoldDust, joined by 17 countries, has recently led to the arrest of 7 hackers thought to be involved in the REvil and GandCrab ransomware attacks. The operation, coordinated by Europol, Eurojust, and INTERPOL, resulted in the arrest of two individuals in Romania, three people in South Korea, one person in Kuwait, and one in an unidentified European country, with the most recent arrests happening on November 4 in Kuwait and Romania.
The three people in South Korea were previously detained in February, April, and October because of their part in attacks using GandCrab ransomware, which is thought to be the forerunner of REvil/Sodinokibi. The GoldDust operation began in 2018 in response to the GandCrab ransomware attacks.
In the past week, Europol announced the arrest of 12 persons in raids in Switzerland and Ukraine because of their supposed participation in attacks involving LockerGoga and other ransomware. Those people are considered to have had specialist roles in different phases of the attacks, from infiltration through to cashing out and laundering ransom payments amounting to millions.
In September, an operation by the Ukrainian National Police, the French National Gendarmerie, INTERPOL and Europol led to the arrest of 2 people thought to be affiliates in two prolific ransomware attacks. That operation likewise resulted in the seizure of $375,000 cash and luxury cars, and the freezing of $1.3 million of cryptocurrency.
Furthermore, a 30-month campaign called Operation Cyclone, which involved law enforcement agencies in several countries, led to the arrest of 6 people thought to be involved in the Clop ransomware campaign, with those arrests happening in June 2021. The operation conducted searches at 20 locations and seized $185,00 cash and computer devices believed to have been used in the attacks. The Clop ransomware group had carried out many attacks in the U.S., such as those on Stanford Medicine, the University of Colorado, the University of Maryland Baltimore, and the University of California.
Although these arrests will cause some disruption to the operations of ransomware gangs, they represent just a portion of the people engaged in ransomware attacks, who may be quickly replaced. The key, untouchable members of the ransomware campaigns are thought to be residing in Russia.