German law enforcement agencies have reportedly identified a person alleged to be responsible for the REvil ransomware, also known as Sodinokibi, and have prepared an arrest warrant. This is reported by Bayerischer Rundfunk, among others, according to which the suspect was traced via his own online activity. The LKA Baden-Württemberg tracked him down through Bitcoin payments that are said to have been linked to ransomware attacks.
Although an arrest warrant has been prepared, the report says an opportunity to arrest and possibly extradite him was missed: the Russian was on vacation in Turkey without an extradition request being made. Why remains unclear. A request from heise online to the LKA Baden-Württemberg and the BKA has not yet been answered.
REvil has been one of the most aggressive ransomware groups this year and has been particularly successful. The gang distributes its extortion trojan in a business model that can be described as ransomware-as-a-service: it rents or licenses the malware it has developed, together with the associated decryption and payment infrastructure, to other criminals, so-called affiliates or partners. In REvil's case, the operators receive 30 percent of the partners' revenues. It is unclear what role the now identified suspect plays in the REvil group, the BR writes. Law enforcement authorities, however, said he "undoubtedly" belonged to the core group.
The suspect is said to be a young Russian who lives in a house with a pool in a major city in southern Russia. His Instagram profile shows him on luxury vacations in Dubai and the Maldives and, for example, spending 1,300 euros per day to charter a yacht. A watch bearing the Bitcoin logo, with a purchase price in the five-figure range, is also visible. Older pictures of the suspect, by contrast, show no designer clothes; only in the recent ones can one see "the rise", as an investigator put it. Whether he will leave Russia again for a vacation and come within reach of German law enforcement is at least doubtful, the report suggests. Most recently, his wife traveled alone.
Internally, there is frustration among investigators that the success is not being handled more assertively; after all, it demonstrates their own capabilities. After attacks with particularly serious consequences in the past few months, ransomware had become a topic even at the highest political level. In the US, extortion proceeds are believed to run to hundreds of millions of US dollars.
Recently, however, the greatest successes have apparently been achieved against the REvil group: in a transnational operation, for example, investigators are said to have hacked the group itself and forced it off the net. In Russia, REvil and similar groups have for years enjoyed enough freedom to carry out their schemes, though under a certain degree of control by intelligence services and authorities.