REvil Ransomware Suspects Arrested
PowerKee’s Bastion of Privacy #49 - Huge day for cybersecurity as notorious gang thwarted
The cybersecurity world hit the headlines recently after the arrest of members of the notorious REvil ransomware gang. In an operation coordinated between Romanian police, the US Department of Justice (DOJ), and Europol, three suspected members of the gang were arrested: two in Romania and a third, a Ukrainian national, in Poland. This follows previous operations that apprehended suspected affiliates in South Korea, Kuwait, and Ukraine.
In the latest Bastion of Privacy, we highlight the details of this development and the United States’ response to this incident. We also examine the effect these arrests will have on cybersecurity and whether a rethink is needed in this area.
Ransomware gang suspects arrested
REvil has claimed responsibility for some of the most high-profile ransomware attacks since 2019. JBS SA, the world's largest meat processor; Quanta, an Apple supplier; and the software company Kaseya were among REvil's victims during this period. JBS alone paid the gang $11 million.
Also known as Sodinokibi, and widely believed to be a successor to the GandCrab operation, the group forced victims to pay ransoms in Bitcoin or Monero. All told, the DOJ estimates the group extorted over $200 million from its victims. Two suspects, Yaroslav Vasinskyi, a Ukrainian, and Yevgeniy Polyanin, a Russian, have been indicted by the DOJ for deploying REvil against U.S. companies, and both have been sanctioned by the Treasury Department.
Vasinskyi was arrested in Poland and is to be extradited to the U.S., where he will face the charges. Polyanin, however, remains at large, and his extradition looks unlikely given the strained relationship between Russia and the U.S. at the moment. In the aftermath of these arrests and indictments, the U.S. government and its security agencies appeared upbeat.
As quoted by the BBC, FBI Director Christopher Wray said that a combination of the right people, the right tools, and the right authorities will keep law enforcement ahead of malicious actors like REvil. In a statement released by the White House, President Joe Biden commended the efforts of the security agencies and said that enforcement will be extended to other areas of the cyber world, including illegal transactions conducted using virtual currencies.
The cryptocurrency exchange Chatex has also found itself in the Treasury Department's crosshairs and has been sanctioned for facilitating ransomware-related transactions. At this point, not much is known about the exact role Chatex played or whether the exchange was even aware of the nature of the transactions carried out on its platform.
Portion of ransom recovered
In a clawback operation, authorities seized $6.1 million in funds traceable to ransom payments received by Polyanin. While this pales in comparison to the $200 million the group extorted, it offers some solace to the group's victims. REvil's infrastructure went offline shortly before these arrests were announced, and the group posted that it was shutting down operations.
The case of Polyanin's extradition highlights the constraints law enforcement agencies face in today's world. Polyanin joins a growing list of Russia-based cybercriminals operating with impunity inside Russia and is unlikely to face any consequences. While REvil has been dealt a heavy blow, questions remain as to how governments can cope with the malicious groups that will undoubtedly take its place.
As such, cybersecurity built on centralized platforms remains the biggest hurdle to achieving complete protection. As long as there is a single point of failure, our data and digital assets can never be safe. The brazenness cybercriminals display when carrying out their attacks shows how weak traditional cybersecurity is.
In REvil's case, the group routinely named and shamed victims who didn't pay on its leak site, and even ran a live chat portal for negotiating with victims. No number of indictments will stop actors like these from harming sensitive assets in the future.
Time to rethink cybersecurity
While authorities have recovered a portion of the ransom, there is no word on the second-order effects that the theft of personal information has had on the victims. This case once again highlights the need for complete privacy in monetary transactions: attackers today combine a wide range of data points, including leaked personal and financial information, to build attack paths into systems.
Decentralized cryptocurrencies like PowerKee remove the incentive to attack the network itself, thanks to the immense resources needed to exploit the system successfully. They provide much-needed security along with cheap and instant transactions.
About PowerKee
PowerKee is a cryptocurrency network that makes privacy easy. Users can transact cheaply and instantly while maintaining anonymity. The PowerKee protocol uses a mixture of zero-knowledge proofs and coin mixing that provides strong privacy to its users.