An international investigation has struck a blow against hackers alleged to be behind thousands of ransomware attacks.
Operation GoldDust involved 17 countries - including the US, Britain, Germany, France, the Netherlands, Poland, Romania and Canada - as well as Interpol, Europol and Eurojust, an EU agency dealing with judicial cooperation.
The US Department of Justice announced Monday the capture in Poland of a Ukrainian man suspected of being behind cyberattacks including a major one on US service provider Kaseya.
Hundreds of companies in the US and other countries were attacked with extortion software via a vulnerability at Kaseya in early July.
Europol and Eurojust meanwhile announced the arrest of two people in Romania for allegedly using the same REvil software to carry out attacks.
The suspects stand accused of launching around 7,000 attacks against businesses and organizations, in which software was used to lock up the contents of their computers until they received a payment. They allegedly made off with millions of euros.
The two EU agencies announced another five arrests in other countries in previous days.
Eurojust said the cyberattacks were aimed at a wide range of institutions, including companies, local government, hospitals, schools, universities and courts.
Public institutions, companies
French, German, Romanian and Swiss teams were at the core of the European operation, according to Eurojust.
Interpol noted further arrests in Kuwait and South Korea linked to intelligence sharing through the operation.
Extortion software - known as ransomware - sees hackers encrypt data and then demand money for its release.
The REvil group has carried out major attacks in recent months, and demanded 70 million dollars for a master key to all affected computers in the Kaseya attack.
Because many of Kaseya's affected customers were IT service providers themselves, the effects of the attack were far-reaching.
In Sweden, the supermarket chain Coop was unable to open hundreds of stores because their checkout systems stopped working.
A few weeks earlier, REvil software paralyzed several plants from the world's largest meat group JBS in an attack with a global impact. The hackers collected an 11-million-dollar ransom in cryptocurrencies from the company.
US Attorney General Merrick Garland said at least 200 million dollars in ransoms has been paid so far in attacks using the REvil software.
The US has requested the extradition of the 22-year-old Ukrainian man arrested entering Poland, Garland said.
He said the US Justice Department also seized 6.1 million dollars allegedly captured by a Russian REvil hacker accused of attacking about 3,000 targets with ransomware.
The US State Department on Monday offered a million-dollar reward for tips leading to the identification or arrest of the REvil group's leaders or anyone involved in attacks using the software.
It followed a similar reward days earlier concerning the DarkSide hacking group, which the US believes to be behind an attack on America's biggest gasoline pipeline that temporarily shut down operations completely.
The hackers penetrated the pipelines operator's computer network and demanded a ransom in the millions, which the company paid.