German Police Unmask Two Operators Behind REvil Ransomware Attacks

AI-generated from multiple sources. Verify before acting on this reporting.

BERLIN (AP) — The German Federal Criminal Police Office (BKA) has identified and unmasked two operators behind the REvil ransomware group, which carried out more than 130 cyberattacks targeting victims in Germany.

The announcement, made on April 6, 2026, marks a significant development in the ongoing investigation into the criminal network. The BKA stated that the two individuals were linked to a series of sophisticated cyber intrusions that disrupted operations across various sectors within the country.

REvil, also known as Sodinokibi, has been a prominent ransomware-as-a-service group since its emergence in 2019. The group is known for encrypting victims' data and demanding payment for decryption keys, often threatening to leak sensitive information if demands are not met. The attacks attributed to the group in Germany have affected businesses, public institutions, and critical infrastructure, causing significant financial and operational damage.

The BKA did not disclose the identities of the two operators or their current locations. Authorities have not indicated whether arrests have been made or if the suspects are being pursued internationally. The investigation remains active, and officials have not provided details on the methods used to identify the individuals or the extent of their involvement in the broader REvil network.

Cybersecurity experts have long warned about the threat posed by ransomware groups like REvil, which operate across borders and exploit vulnerabilities in digital systems. The group's activities have drawn attention from law enforcement agencies worldwide, including the FBI and Europol, which have collaborated on efforts to dismantle the network.

The identification of the two operators comes amid heightened concerns over the increasing frequency and sophistication of cyberattacks in Europe. German officials have emphasized the need for enhanced cybersecurity measures and international cooperation to combat the threat.

While the BKA has confirmed the identification of the operators, questions remain about the full scope of the group's activities and whether other members of the network are still at large. Authorities have not commented on whether the identification will lead to immediate legal action or if further investigations are required to dismantle the remaining structure of the group.

The case highlights the challenges faced by law enforcement in tracking down cybercriminals who operate anonymously and across multiple jurisdictions. As the investigation continues, officials are expected to provide more details on the next steps and the potential impact of the identification on ongoing efforts to combat ransomware attacks.

For now, the focus remains on preventing further attacks and mitigating the damage caused by the group's activities. The BKA has urged organizations to remain vigilant and implement robust cybersecurity protocols to protect against similar threats.