Canadian police played a role in the arrest of suspected members of international ransomware gangs

The RCMP and Calgary police contributed to the investigation leading to the arrest of two people last week in Romania. The arrested individuals are suspected of being linked to Sodinokibi/REvil ransomware operations.


The arrest is lauded as the second major strike this week against members of the notorious cybercriminal network REvil. Just recently, members of the same group attacked a Canada-based real estate agency and asked for a ransom in exchange for 755GB of compromised data.

On Monday, the U.S. filed charges against two individuals who allegedly played a role in the Sodinokibi/REvil ransomware gang's attack on business and government entities in the United States.

The Canadian law enforcement agencies said that the arrested members are allegedly involved in 7,000 ransomware attacks worldwide, 600 of which occurred in Canada.

“Though these arrests happened of kilometers away, the crimes these suspects committed had a very real impact on citizens in Calgary and across Canada,” said Inspector Phil Hoetger of the Calgary Police Service’s technical investigations section. “This operation demonstrates the necessity for law enforcement to work together, share information, and pool resources in today’s digital era.”

“No organization can fight cybercrime alone,” said Chris Lynam, director-general of the RCMP’s National Cybercrime Co-ordination Unit (NC3) and Canadian Anti-Fraud Centre. “The NC3 was created to help bring law enforcement and the public and private sectors together to collaborate in combating cybercrime. People and organizations can help too by learning how to protect themselves and reporting it to the police. There is no shame in falling victim. Police are here to help, and your reports can assist in taking down criminals, their networks, and their assets.”

The NC3 and the Calgary police cybercrime team played their part in Europol’s GoldDust investigation, a joint operation led by 17 nations against the REvil/Sodinokibi ransomware family. The Canadian agencies have been a part of this operation since January 2020.

Here are the details of the arrests made in Romania and other countries:

  • According to Europol, Romanian authorities arrested two individuals allegedly involved in cyber-attacks masterminded by the Sodinokibi/REvil ransomware gang. They are suspected of being involved in 5,000 attacks and of having taken half a million euros in ransom.
  • This year, South Korea also arrested three members connected to the GandCrab and Sodinokibi/REvil ransomware groups, which affected more than 1,500 victims.
  • Earlier this month, Kuwaiti authorities also arrested individuals linked to GandCrab.
  • That makes a total of about seven arrests of individuals linked to the two ransomware families since February 2021. They are believed to have affected around 7,000 victims combined.