In an internationally coordinated operation, investigators arrested several affiliate partners of the ransomware-as-a-service operation REvil, imposed sanctions and confiscated $6.1 million in ransom. German investigators were also involved in the operation, called "GoldDust".
Among those arrested is the Ukrainian Yaroslav Vasinskyi, who is believed to be responsible for the attack on the Kaseya company and its customers. Kimberly Goody, Director of Financial Crime Analysis at Mandiant, commented in a statement on the investigators' recent successes and their implications for cybersecurity.
Operation “GoldDust” also catches backers
“These recent events show the importance of taking a differentiated approach to combating ransomware threats and working with international partners. Because cybercrime knows no national borders. REvil has proven to be a very active ransomware threat since it first appeared in May 2019. More than 300 companies had appeared on the group's ransomware shaming website. The victims are spread over 40 countries. REvil operated a ransomware-as-a-service model, and several of the recent arrests and sanctions were targeted at affiliate partners. This is noteworthy in that in other cases where ransomware was shut down or malfunctions occurred, hackers switched to other ransomware affiliate programs. Actions targeting these partners could have a greater impact on the total number of attacks. Compared to ransomware itself, the skills required to spread ransomware in the victims' environments and use it successfully are in great demand on the darknet.
First, but too few successes
The most recent measures against REvil-related actors are significant, but this does not change the fact that some countries tolerate ransomware activities for strategic reasons and allow them to continue unchecked, as long as they are not directed against their own national interests. This means that recent investigative successes won't put all ransomware hackers off. Especially considering how lucrative this form of crime has become. The increase in costs through arrests and sanctions is therefore important in order to negatively influence the cost-benefit analysis of the ransomware hackers.”
About Mandiant
Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.