The Hague / Washington International investigators have struck a blow against hackers believed to be responsible for thousands of attacks on organizations and companies. The US Justice Department announced on Monday in Washington that a Ukrainian had been caught in Poland who was suspected of being behind the major cyber attack on the American IT service provider Kaseya, among other things.
US President Joe Biden said the United States, together with international partners, is doing all it can to fight cyber criminals. There is still a lot to be done, but the US has already taken important steps to better protect critical infrastructures, hold attackers accountable and dismantle international networks of hackers.
According to Europol, 17 countries were involved in the investigation, including the USA, Germany, France, the Netherlands, Poland, Romania and Canada. In Germany, according to the European judicial authority Eurojust, the Stuttgart public prosecutor was in charge.
Top jobs of the day
Find the best jobs now and
be notified by email.
Over several months, a total of seven suspects were arrested in different countries, said Europol. They are suspected of having attacked around 7000 targets in so-called ransomware attacks and stealing millions.
In attacks with blackmail software – also known as ransomware – data on computers is encrypted and the hackers demand money for the release. According to Eurojust, the attacks on those arrested were directed against companies, as well as local authorities, hospitals, the judiciary, schools and universities. Five of those arrested had carried out attacks using REvil software.
The hacker group of the same name had caused a stir in recent months with large attacks. During the Kaseya attack, the REvil group asked for a master key to all affected computers on its Darknet website.
Software infiltrated around 175,000 computers worldwide
Since many of the Kaseya customers affected are themselves IT service providers for others, the impact of the attack reached as far as Sweden, for example, where the supermarket chain Coop was unable to open hundreds of stores due to malfunctioning checkout systems.
A few weeks earlier, REvil-Software had paralyzed several plants of the world’s largest meat company JBS – also with international effects. At that time, the group collected eleven million dollars in ransom in cryptocurrencies from the company.
US Attorney General Merrick Garland said in Washington that so far REvil software has been smuggled into attacks on around 175,000 computers around the world, and at least $ 200 million in ransom has been paid for attacks with the software. The 22-year-old Ukrainian arrested in connection with the software was arrested at the request of the USA while entering Poland. His extradition to the United States has been requested.
The US Department of Justice also confiscated $ 6.1 million that another REvil hacker allegedly stole with ransomware attacks, Garland said. The 28-year-old Russian is said to have attacked around 3,000 targets with blackmail software.
The US State Department on Monday offered a reward in the millions for clues that lead to the identification or establishment of leaders in the REvil group – or anyone involved in attacks with the software.
The US government announced a similar reward a few days ago with a view to the hacker group DarkSide, which the US believed was responsible for the cyber attack on America’s largest gasoline pipeline in the spring.
As a result of the attack, the pipeline, through which about 45 percent of all fuel consumed on the US east coast runs, was temporarily completely shut down. There were gasoline bottlenecks in parts of the country. The hackers had broken into the pipeline operator’s computer network and demanded a ransom in the millions, which the company paid.
More: The Invisible War: Global Hacker Gangs Threaten Germany – Affected Companies Unpack