Romanian authorities have arrested two hackers suspected of using REvil ransomware to extort 5,000 victims.
Before their arrest on Thursday, the two suspects allegedly made more than half-million dollars by collecting ransom payments, according to Europol, the European Union’s law enforcement agency.
At least five other hackers allegedly using REvil and other similar software have been arrested this year, Europol said in a press release. None of the seven total suspects have been identified publicly. The arrests were part of a 17-country effort called Operation GoldDust. According to Europol, those arrested and their affiliates are responsible for over $200 million in demanded ransom.
REvil’s website went offline last month after United States law enforcement worked with other countries to hack the group, Reuters reported.
REvil ransomware has been responsible for several infamous attacks, including one in June that forced meatpacker JBS to shut down plants for at least a day and pay an $11 million ransom.
“Another blow against those who target the vulnerable on the internet,” tweeted Brian Honan, an Irish cybersecurity consultant and former special advisor on cybersecurity for Europol.
Update 11:48am CT: U.S. authorities also announced the arrest of a Ukrainian national last month. Yaroslav Vasinskyi, a Ukrainian, was arrested at the country’s border with Poland. The U.S. issued an 11-count indictment against him and says it plans to seek extradition, according to the Washington Post. It is unclear if Vasinskyi is one of the seven arrests Europol also announced.