The COVID-19 pandemic triggered an uptick in the number of crybercrimes across the globe, but such crimes have wreaked havoc on major businesses for much longer. A four-year transcontinental operation codenamed Quicksand carried out by 19 law enforcement agencies in 17 countries had a breakthrough. A global network of ransomware cybercrime was dismantled after seven crucial arrests were made by Interpol.

The operation, coordinated from INTERPOL's Cyber Fusion Centre in Singapore, focused on the crimes by major ransomware families, including GandCrab and Revil-Sodinokibi and the suspects behind them. These groups used malware for breaking into business and private networks, then encrypting their files and using that as leverage to blackmail companies and people into paying huge ransom.

Petya ransomware attack

According to Interpol's official statement, the suspects arrested in the operation are suspected to be behind demanding ransom worth more than EUR 200 million and tens of thousands of ransomware infections.

Public-private partnership

The Interpol said that the operation's success was possible through a public and private industry partnership. Companies like Trend Micro, CDI, Kaspersky Lab and Palo Alto Networks also contributed to investigations by sharing information and technical expertise. KPN, McAfee, S2W offered cyber and malware technical expertise to INTERPOL and its member countries. Bitdefender provided tailor-made decryption tools to unlock ransomware and enable victims to recover files, which helped more than 1,400 companies save nearly EUR 475 million in potential ransom.


"Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action which INTERPOL can uniquely facilitate as a neutral and trusted global partner," said INTERPOL Secretary General Jürgen Stock.

"Policing needs to harness the insights of the cyber security industry to identify and disrupt cyber criminals as part of a true coalition, working together to reduce the global impact of ransomware cybercrime," added the Secretary General.

According to Chainalysis, cybercriminals made $350 million in 2020 from ransomware payouts, which is a 311 percent spike in one year. Operation Quicksand is not done yet, as it continues to crack down on ransomware crimes and cryptocurrency laundering by providing evidence for further investigations.

INTERPOL's private partners and member countries work together to provide support to victims hit by the ransomware. Participating countries included Australia, Belgium, Canada, France, Germany, The Netherlands, Luxembourg, Norway, Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom and The United States.

Crucial arrests made globally

Here's a highlight of crucial arrests that were made with the help of intelligence that was exchanged during the operation:

  1. Korean law enforcement arrested three suspects in February, April and October
  2. Kuwaiti authorities arrested a man thought to have carried out ransomware attacks using the GandGrab ransomware
  3. Romanian authorities arrested two individuals suspected of ransomware cyber-attacks and believed to be responsible for 5,000 infections as well as half a million euros profit in ransom payments
  4. Man believed to be responsible for the Kaseya ransomware attack, thought to have been carried out last July by the REvil gang with more than 1,500 people and 1,000 businesses affected worldwide was also arrested.