Europol: Seven hackers have been arrested since the beginning of the year, suspected of having links with REvil 
by Russian hackers “. As noted in the message of Europol, which coordinated the operation, since the beginning of the year, seven people have been detained in different countries of the world who may be related to the REvil group, which is associated with cybercriminals from Russia.
The two arrested in Romania, according to security officials, are involved in a total of 5,000 infections with ransomware developed by REvil. With their help, the attackers received about half a million euros in ransoms.
It is assumed that a total of five alleged supporters of “Russian hackers” are responsible for seven thousand infections, and the amount of the ransom they demanded reached 200 million euros.
Europol notes that since February 2021, law enforcement agencies have arrested three other members or affiliates of REvil, as well as two people associated with GandCrab (a well-known ransomware program, whose developers, according to the investigation, joined REvil). The arrests were carried out in Europe, South Korea and Kuwait.
All the arrests were part of the GoldDust special operation, the active phase of which began in early 2021. It was attended by security officials and secret services of 17 countries (not a single state from the post-Soviet space is represented), as well as Europol, Eurojust and Interpol. In the course of the investigation, wiretapping and attacks on the infrastructure of the hackers themselves were actively used.
In October 2021, the hackers from REvil became victims of an attack carried out by the FBI and a number of US secret services, as well as their partners from other countries. “Our servers have been compromised. They are looking for me. Good luck to everyone, I'm disconnecting, “- wrote in the last message the mouthpiece REvil on the darknet.
Soon after, the BlackMatter group disappeared from the darknet, which in the West is also accused of having ties with Russia. A message about this was posted on one of the resources of “Russian hackers” on the darknet. In it, the criminals also complained about pressure from the authorities.