Canadian police played a role in the arrest of suspects tied to ransomware gangs

The RCMP and Calgary police played a role in the investigation leading to the arrest last week in Romania of two people believed to be connected to the Sodinokibi/REvil ransomware operation, joining others arrested earlier this year.

The announcement was the second important strike against those involved in REvil this week. On Monday the U.S. unsealed charges against two people who allegedly deployed the Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

The two Canadian law enforcement agencies said Monday that the five arrested are suspected of being responsible for 7,000 ransomware infections worldwide, estimating that approximately 600 of them occurred in Canada.

“Though these arrests happened thousands of kilometers away, the crimes these suspects committed had a very real impact on citizens in Calgary, and across Canada,” said Inspector Phil Hoetger of the Calgary Police Service’s technical investigations section. “This operation demonstrates the necessity for law enforcement to work together, share information and pool resources in today’s digital era.”

“No organization can fight cybercrime alone,” said Chris Lynam, director-general of the RCMP’s National Cybercrime Co-ordination Unity (NC3) and Canadian Anti-Fraud Centre. “The NC3 was created to help bring law enforcement and the public and private sectors together to collaborate in combating cybercrime. People and organizations can help too by learning how to protect yourself and reporting it to local police. There is no shame in falling victim. Police are here to help and your reports can assist in taking down criminals, their networks and their assets.”

The NC3 and Calgary’s police cybercrime team led the Canadian part of Europol’s Operation GoldDust, a 17-nation investigation that targeted the REvil/Sodinokibi ransomware family. The Canadian agencies have been working on the operation since January, 2020.

Here’s how the arrests break down:

–Europol said that on November 4th, Romanian authorities arrested two individuals suspected of cyber-attacks deploying the Sodinokibi/REvil ransomware. They are allegedly responsible for 5,000 infections, which in total pocketed half a million euros in ransom payments;

–Also earlier this year South Korea arrested three affiliates involved in the GandCrab and Sodinokibi/REvil ransomware families, which had more than 1,500 victims;

–On November 4th, Kuwaiti authorities arrested another GandGrab affiliate.

This means a total of seven suspects linked to the two ransomware families have been arrested since February 2021. They are suspected of attacking about 7,000 victims in total.

The RCMP said ransomware is rising in Canada. From April 1, 2020 until end of September 2021, the NC3 has received 2,375 requests for operational assistance from domestic and international law enforcement partners, and since the beginning of this fiscal year (April 1), half of those requests have involved ransomware.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now