Romanian authorities have arrested two people suspected of cyberattacks worldwide that used the REvil ransomware, the European law enforcement agency Europol announced Monday.
The duo are suspected of causing 5,000 infections with the ransomware, pocketing a half a million euros in ransom payments, according to Europol, which said the arrests were made Thursday.
The announcement came as CNN reported that the U.S. has seized $6 million in ransom payments, and is expected to announce charges Monday against a Ukrainian national suspected of launching a ransomware attack in July the Florida-based software firm Kaseya
The U.S. Justice Department is scheduled to hold a press conference later Monday “to make announcements on a significant law enforcement matter,” according to an alert from the department, which did not otherwise identify the nature of the case.
The Russia-linked REvil Group, also known as Sodinokibi, on July 2 launched an international ransomware attack.
About a month before that, the group attacked the world’s largest meatpacking company JBS, leading the firm to shut down operations, disrupting meat production in North America and Australia.
In mid-July, so-called dark web sites affiliated with REvil were shut down. American authorities refused to say whether the U.S. had taken action against the sites.
But a National Security Council official days before had told reporters that U.S. authorities expected to take action against ransomware groups soon.
“We’re not going to telegraph what those actions will be precisely,” that official said. “Some of them will be manifest and visible, some of them may not be. But we expect them to take place in the days and weeks ahead.”
Europol on Monday noted that since February, authorities have arrested three other affiliates of REvil.
This is breaking news. Check back for updates.