Germany identifies member of REvil ransomware gang

German investigators have identified a suspected member of the cybercrime gang known as REvil, which specializes in ransomware attacks against large corporations.

According to the newspaper Time, the team from the Baden-Württemberg State Criminal Police Office (LKA) is certain that a man of Russian origin named Nikolay K. is one of those responsible for infecting servers and extorting ransom payments from companies in exchange for releasing entire networks hijacked by the group.

How was it found?

The investigators' work involved tracking cryptocurrency trades, the professional activity Nikolay uses as cover for the proceeds of ransomware, and monitoring social networks.

Although he kept the criminal activity itself hidden, Nikolay's ostentatious standard of living caught the attention of investigators. On platforms such as Instagram, he appears on trips across Europe and renting yachts.

The suspect also maintained an email address linked to the registration of at least 60 domains, and a telephone number that, besides being tied to a Telegram account, was used as a contact for cryptocurrency transactions. By tracing those transactions, investigators found evidence that the associated accounts had received cryptocurrency originating from ransom payments. One of the attacks in question targeted a company and a public agency in Stuttgart, Germany, which is what triggered the investigation in the country.

The end of REvil?

Now, authorities must open negotiations with the Russian government to establish Nikolay's whereabouts and seek his extradition to stand trial.

REvil was responsible for large-scale intrusions in recent months, including the ransomware attacks that hit Brazil's JBS and roughly 1,500 companies through the software developer Kaseya.

The group paused its activities and even had decryption keys leaked, but returned in mid-2021. More recently, a coordinated cybersecurity operation compromised servers maintained by the gang in an attempt to dismantle its operations.
