Police arrests ransomware affiliate behind high-profile attacks
Security News, December 2021
Romanian law enforcement authorities arrested a ransomware affiliate suspected of hacking and stealing sensitive info from the networks of multiple high-profile companies worldwide, including a large Romanian IT company with clients from the retail, energy, and utilities sectors.
The apprehended ransomware affiliate stole a wide range of sensitive info from its targets' systems according to the Romanian National Police, including companies' financial information, employees' personal information, and customers' details.
This lines up with previous arrests made by Romanian law enforcement last month, on November 8, when they apprehended two suspects believed to be Sodinokibi/REvil ransomware affiliates.
The same day, Kuwaiti authorities also arrested a GandCrab ransomware affiliate. The three of them were believed to be behind roughly 7,000 attacks and to have asked for over €200 million in ransoms.
"All these arrests follow the joint international law enforcement efforts of identification, wiretapping and seizure of some of the infrastructure used by Sodinokibi/REvil ransomware family, which is seen as the successor of GandCrab," Europol said.
While the core ransomware gang operators are still safe in Russia, these recent arrests show that law enforcement worldwide is now disrupting their Ransomware-as-a-Service operations by arresting affiliates located all over the world.