
How did the FBI track a member of the dangerous billionaire hacker group REvil?

For months now, German authorities and the Federal Bureau of Investigation (FBI) have been investigating a mysterious Russian billionaire whom they suspect of being one of the main operators of the dangerous REvil ransomware group. The individual leads an ostentatious life, filled with luxury cars, fine jewelry, rides on his private yacht, and a Bitcoin address holding millions of dollars.

The Criminal Police Office of the state of Baden-Württemberg maintains that this individual, known on social networks as Nikolay K., is a key actor in the operation of this malware variant, also known as Sodinokibi, which runs as a ransomware-as-a-service (RaaS) platform.



REvil is one of the world's most dangerous ransomware operations, with a victim list that includes organizations in critical sectors such as Kaseya, JBS Foods, and even Apple.

Authorities in Germany expect the suspect to leave Russia on his next vacation so they can apprehend him, although the arrest can only take place if Nikolay K. is in a country that has cooperation agreements with Germany.



During the investigation, German agents and cybersecurity specialists have spent months analyzing every possible trace of the suspect, mainly on Telegram channels and cryptocurrency exchange platforms. After finding his pseudonym on social media, they identified an email address linked to several Russian-based websites. Experts also found a Telegram account where a Bitcoin address holding hundreds of thousands of Euros had been shared.

For now, researchers are monitoring every platform where even the slightest stumble by Nikolay K. might surface so they can follow it up in full. A few days ago the authorities believed they had found the perfect decoy after compromising the Tor website used by this hacking group, although one of the ransomware's operators managed to alert the rest of the accomplices to the presence of the authorities.

It is clear that this will not be an easy task, since on previous occasions REvil managed to evade justice even before investigators could identify its members or map its structure. In addition, as Nikolay K. is a Russian citizen, it is considered almost impossible for the authorities of his own country to issue an arrest warrant against him.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.


