
Kaseya ransomware attack suspects from REvil arrested in Ukraine


In a coordinated strike by the French National Gendarmerie, the Ukrainian National Police and the FBI, two ransomware operators known for extortion demands of between €5 and €70 million were arrested in Kyiv, Ukraine on September 28. The operation was carried out in cooperation with Europol and INTERPOL.

The arrests were accompanied by seven property searches, the seizure of US$375,000 in cash and two luxury vehicles worth €217,000, and the sealing of assets worth $1.3 million in cryptocurrencies.

The suspects included a 25-year-old who is believed to be a crucial member of a large ransomware operation. Officials declined to name the suspects' affiliation with any ransomware gang, citing an ongoing investigation. However, security researchers suggest that the two suspects are part of the REvil ransomware gang, which recently made headlines with its attack on Kaseya.


Europol’s big bust

According to Europol, the ransomware gang is suspected of a string of targeted attacks against large industrial groups in Europe and North America from April 2020 onwards.

Ukrainian officials say that the suspect is believed to be responsible for attacks on more than 100 companies in North America and Europe, causing more than $150 million in damages. Targets included well-known energy and tourism companies as well as technology developers.

Ukrainian officials going through one of the computers found at the suspect’s house. | Source: Ukraine Cyber Police

The law enforcement authorities involved worked together, with support from Europol's Joint Cybercrime Action Taskforce, which led to the identification of the two individuals in Ukraine.

In all, six investigators from the French Gendarmerie, four from the FBI, a prosecutor from the French Prosecution Office of Paris, two specialists from Europol's European Cybercrime Centre (EC3) and one INTERPOL officer were involved in the operation.

Europol’s cybercrime specialists held 12 coordination meetings bringing together all organisations to prepare them for the ‘action day’. They also provided analytical, malware, forensic and crypto-tracing support. Europol also set up a virtual command post to ensure coordination between the involved agencies, with the whole operation being carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

Ukrainian officials also posted a video of one of the house searches, which shows police officials going through unlocked computers and tablets, suggesting that the agencies involved might have access to sensitive information that can help in further arrests.



Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.