European law enforcers announced the arrests of two suspected REvil affiliate members on Monday, bringing their total for the year to five, as the US published its own indictments and sanctions designed to hobble the ransomware collective.
Romanian authorities arrested the unnamed duo on November 4, claiming they had been responsible for 5000 attacks which netted half a million euros.
Its Operation GoldDust involved police from Europe, the US, South Korea, Australia and the Philippines.
Since February this year, it has also led to arrests of three other suspected REvil affiliates and two suspected GandCrab affiliates. Three of these were reportedly cuffed in South Korea and one in Kuwait. Together, the seven arrested so far this year are thought to have been responsible for attacking 7000 victims.
“All these arrests follow the joint international law enforcement efforts of identification, wiretapping and seizure of some of the infrastructure used by Sodinokibi/REvil ransomware family, which is seen as the successor of GandCrab,” said Europol.
The disclosure comes as US authorities indicted two men for their involvement in REvil yesterday.
Ukrainian Yaroslav Vasinskyi was actually arrested in Poland last month and will face charges connected with the infamous Kaseya ransomware attack. Russian Yevgeniy Polyanin is still at large, but the Department of Justice (DoJ) announced the seizure of over $6m he allegedly stole from victims.
At the same time, the US Treasury announced sanctions against both men, including a company owned by Polyanin and cryptocurrency exchange Chatex, for its alleged involvement in ransomware.
It said the firm has direct ties to the Russian exchange Suex, which has already been sanctioned.
“Analysis of Chatex’s known transactions indicate that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware,” the Treasury noted.
The State Department has also offered a new $10m reward for information leading to the “identification or location” of REvil leadership figures. This follows a similar move last week to elicit intelligence on the DarkSide group.