Seven people are according Europol arrested in a global operation against criminals behind ransomware virus that has cost the victims over half a million euros.
The arrested are connected to the Russian hacker group REvil, also known as Sodinokibi, and the ransomware group GandCrab, it is stated in an announcement from Europol.
Two people were arrested on Thursday in Romania and one in Kuwait, while another three were arrested in South Korea. One was taken in an undisclosed European country.
Two of the hackers are charged in the US for so-called ransomware attacks against, among others, the service provider Kaseya, writes the US Department of Justice in a press release.
One of the accused, a Ukrainian citizen, was arrested in Poland in October. The United States wants him extradited, the Ministry of Justice states.
Kripos confirms
Interpol and the EU’s legal agency Eurojust were also involved in the operation, which covered 17 countries.
The US Department of Justice writes in the press release that the Norwegian authorities have contributed valuable help.
Communications manager Åste Dahle Sundet in Kripos confirmed on Monday night that Norwegian police participated in the operation.
– I can confirm that we have participated in the investigation, but for the sake of the investigation I can not give details, Sundet says to TV 2.
The arrested are suspected of being behind 7,000 data breaches, where they demanded more than 200 million euros in ransom. The two Romanians alone were responsible for 5,000 hacker attacks with a dividend of half a million euros, according to Europol.
Ransomware virus, or ransomware, is an increasingly lucrative business where the hacker locks a PC with all its contents and demands ransom to reopen the access.
According to the National Security Authority (NSM), there has been a change of pace over the past year and a half. From 2019 to 2020, a tripling of the number of serious incidents has been registered, and the use of ransomware virus continues to increase in both scope and number.
Framed Coop
According to the NSM report «Digital risk picture 2021» The service provider Kaseya was hit by the Russian hacker group REvil in July 2021. A few Norwegian service providers had customers where the vulnerability may have been exploited, writes NSM.
1,500 companies in 17 countries were affected by the attack from REvil, and Coop in Sweden had to close most of its 800 stores because the payment systems were locked.
Figures from the security company Check Point in July showed that the number of ransomware virus attacks had increased by 93 percent globally. In Norway, the development was far more dramatic, with an increase of as much as 1015 percent, according to the company.
–
