German authorities and reporters claim to identify core REvil member
A group of cooperating German investigators and journalists claim to have tracked down a key member of the REvil ransomware gang, which has been responsible for a significant number of attacks this year. It remains unclear when or if the investigators will be able to arrest the person in question because they reside in Russia, a government that's been accused of turning a blind eye to ransomware gangs staying within its borders.
According to reports from German news organizations Bayerischer Rundfunk and Die Zeit, the two spent months following the digital trail of Bitcoin and email addresses to establish a connection between ransomware payments and someone they refer to as "Nikolay K." Social media videos from his wife "Ekaterina K." show the couple vacationing in the Mediterranean on expensive yachts. Nikolay's own profile only reveals that he makes money in Bitcoin.
The reporters were able to connect Nikolay K.'s name to Russian websites and phone numbers connected to a Telegram account, which is connected to a Bitcoin address. That Bitcoin address received at least six payments totaling over $450,000 from accounts Zeit says are connected to criminal organizations. Bitcoin payment analysts tell Zeit the payments most likely come from extortion.
