Prosecutors working with the Directorate for Investigating Organized Crime and Terrorism (DIICOT) have decided to detain two individuals suspected of carrying out cyber-attacks, blackmail, and money laundering, the institution said.

They are suspected of deploying cyber-attacks using the Sodinokibi/REvil ransomware.

The two are allegedly responsible for 5,000 infections, which in total pocketed half a million euros in ransom payments, according to Europol. 

Five other individuals involved in the GandCrab and REvil / Sodinokibi ransomware programs were arrested: three by the authorities in South Korea, one in the US, and one in Kuwait. 

The suspects arrested in the country made use of the GandCrab and REvil/Sodinokibi ‘ransomware families.’ Under the Ransomware as a Service (RaaS) model, the perpetrators rent from ransomware developers the necessary malware to launch attacks and encrypt computer systems, subsequently obtaining illicit profits from victims who pay for the safe recovery of their encrypted data, the European Union Agency for Criminal Justice Cooperation (Eurojust) explained.

The attacks affected many victims throughout the world in both the public and private sectors, including companies, municipalities, hospitals, law enforcement, emergency services, schools, colleges and universities. They also targeted the health sector during the Covid-19 pandemic, taking advantage of the global crisis to extort victims.

The investigation was part of a wider international effort involving 17 countries, Europol, Eurojust and INTERPOL, Europol explained. 

(Photo: Stevanovicigor | Dreamstime.com)

simona@romania-insider.com