The Cybercrime Center and the Baden-Württemberg State Office of Criminal Investigation have identified the alleged leader and alleged programmer behind the GandCrab and REvil ransomware groups and issued international arrest warrants. Both suspects are accused of organizing and developing ransomware operations linked to attacks including the 2019 incident against the Württemberg State Theatres; the case was built using cryptocurrency transaction analysis and broad international cooperation. #GandCrab #REvil
Key points
- Authorities identified the suspected leader and suspected programmer of the GandCrab and REvil ransomware groups and obtained arrest warrants.
- The two suspects are linked to the 2019 cyberattack on the Württemberg State Theatres in Stuttgart.
- GandCrab operated in 2018–2019, and members are believed to have founded REvil, which conducted attacks through July 2021.
- Both groups ran a Ransomware-as-a-Service model where affiliates breached networks, exfiltrated data, and demanded large ransoms.
- Investigators used cryptocurrency transaction analysis and international law-enforcement cooperation, listed the suspects on EU Most Wanted, and opened public tip channels.