Ukrainian authorities have arrested the alleged masterminds behind a ransomware attack that hit Kaseya, an IT services company. The suspects are believed to be connected with Russian cyber-criminals and were caught in Kyiv.

The Kaseya ransomware breach is an attack that occurred on May 12, 2017. It was the largest ransomware attack in history.

Two ransomware operators renowned for their extortion demands of between €5 and €70 million were detained in Kyiv, Ukraine on September 28 in a coordinated operation involving the French National Gendarmerie, the Ukrainian National Police, and the FBI. The operation was carried out with the assistance of Europol and INTERPOL.

The arrest resulted in seven house searches, the seizure of US$375,000 in cash, two luxury cars worth €217,000, and the sealing of assets worth $1.3 million in cryptocurrency.

One of the suspects, a 25-year-old man, is thought to be a key figure in a major ransomware operation. Officials refused to say if the suspect is linked to any ransomware group, citing an ongoing investigation. Security experts believe the two suspects are members of the REvil ransomware group, which made news lately for its assault on Kaseya.

That seems like #REvil #ransomware to me. The #Kaseya ransom demand was reportedly $70 million, and the ordinary individual would believe REvil began in April 2020, coincidentally with the famous Grubman Shire Meiselas & Sacks breach.

October 4, 2021 — GarWarner (@GarWarner)


According to Europol, the ransomware gang is accused of launching a series of targeted attacks on major industrial groups in Europe and North America from April 2020 onwards.

According to Ukrainian officials, the suspect is believed to be responsible for attacks on more than 100 businesses in North America and Europe, resulting in losses of more than $150 million. Well-known energy and tourist businesses, as well as technology innovators, were among the targets.

Officials from Ukraine examine one of the computers discovered at the suspect’s home. | Source: Ukraine Cyber Police

The two people were identified in Ukraine after the relevant law enforcement agencies collaborated with Europol’s Joint Cybercrime Action Taskforce.

The operation included six French Gendarmerie investigators, four FBI agents, a prosecutor from the Paris Prosecution Office, two Europol experts from the European Cybercrime Centre (EC3), and one INTERPOL officer in total.

Europol’s cybercrime experts convened 12 coordination sessions to bring all organizations together in preparation for the “action day.” They also helped with analysis, malware, forensics, and crypto-tracing. Europol also established a virtual command post to guarantee cooperation amongst the agencies involved, with the whole operation taking place inside the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

In addition, Ukrainian authorities have released a video of one of the home searches, which shows police officers rummaging through unsecured laptops and tablets, implying that the agencies involved may have access to sensitive material that may aid in future arrests. 




When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual automobiles. Yadullah may be reached at [email protected], or you can follow him on Instagram or Twitter.

The REvil attack on Kaseya is a ransomware attack that has been ongoing for some time. Ukrainian law enforcement agencies have arrested the suspects involved in the attack.
