
Russia-linked REvil hackers hit with arrests by US, allies | News


Michael_Novakhov
shared this story
from www.nny360.com – RSS Results in news of type article.


WASHINGTON — After vowing for months to crack down on ransomware, the Biden administration and allied countries unleashed a string of actions Monday against one of the most prolific hacking groups and also issued sanctions against cryptocurrency entities that allegedly enable such attacks.

European authorities announced that police in Romania and South Korea had arrested five people allegedly associated with the Russia-linked ransomware group commonly known as REvil or Sodinokibi. In the U.S., a Ukrainian national, Yaroslav Vasinskyi, and a Russian national, Yevgeniy Polyanin, were indicted for alleged involvement in REvil ransomware attacks, according to Justice Department court documents unsealed Monday in Dallas.

“Together with our partners, the Justice Department is sparing no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack,” Attorney General Merrick Garland said at a news conference in Washington. “The U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation’s resilience to cyberthreats.”

While the arrests and associated actions demonstrate a significant capability of governments to disrupt hackers, it remained unclear how much of an impact they’ll have on preventing future ransomware attacks. Cybersecurity experts warn that hackers operate in loosely affiliated groups, often in countries like Russia where they can evade law enforcement.

Jon DiMaggio, chief security strategist at Analyst1, said the indictments can be important in slowing down groups like REvil. “But at the end of the day, there is no shortage of hackers for hire that want to make money by getting in with these guys,” he said.

“Maybe they’ll think for a second longer before they join, if there’s law enforcement action against a specific group. Time will tell,” he said. “But criminals are criminals. They’re generally not afraid of law enforcement.”

In Washington, the Treasury Department announced actions intended to disrupt ransomware attacks and the virtual currency exchanges that launder the illicit proceeds. The State Department offered a reward of as much as $10 million for information leading to the identification or location of REvil’s leaders and as much as $5 million for information leading to the arrest or conviction of individuals who participated in attacks involving REvil’s malware.

“REvil,” short for “Ransomware-Evil,” is known as one of the world’s most infamous ransomware gangs. The group is accused of staging several attacks this year against major companies and organizations, including Brazilian meat supplier JBS SA and Miami-based technology company Kaseya. JBS paid an $11 million ransom, while Kaseya said it declined to pay the hackers.

In ransomware attacks, hackers encrypt a victim’s files and then demand payment to unlock them. Reported ransomware payments in the U.S. reached $590 million in the first half of 2021, compared with a total of $416 million in 2020, according to the Treasury Department.

Following a string of high-profile attacks, President Joe Biden vowed to make curbing ransomware a priority for his administration. At a June summit, he warned his Russian counterpart, Vladimir Putin, that Russian hackers should steer clear of 16 critical sectors of the U.S. economy. Last month, his administration enlisted more than 30 countries in an effort to curb ransomware.

On Monday, Biden said he was following through on his promise to Putin.

“We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals,” Biden said in a statement.

The arrests by European and South Korean law enforcement involved so-called REvil affiliates. Ransomware groups often provide their malware to others, called affiliates, who then target victims and pay the group a cut of the illicit proceeds. Europol said that law enforcement agencies had identified the alleged affiliates of REvil after seizing infrastructure used by the group and carrying out investigative methods such as wiretapping.

Romanian authorities arrested two alleged affiliates of the group on Thursday, according to a statement released Monday by European law enforcement agency Europol. A further three arrests of REvil suspects were made earlier this year, Europol said.

The arrests stemmed from an international investigation named GoldDust, which involved law enforcement agencies from 17 countries, including the U.S., the U.K., France and Germany. The alleged hackers are suspected of involvement in about 5,000 ransomware infections and received about half a million Euros ($579,000) in ransom payments.

In the Texas indictments, Vasinskyi and Polyanin were charged with conspiracy to commit fraud and money laundering, as well as other computer crimes, in connection with REvil ransomware attacks against several U.S. businesses. Prosecutors allege the two “knowingly and willfully” conspired to intentionally damage computer systems among at least nine firms in seven states.

The Justice Department said Monday it seized $6.1 million in ransom payments tied to Polyanin, and the FBI added a “wanted” poster for him to its website.

Polyanin is charged with deploying the first operational version of the Sodinokibi ransomware. He allegedly deployed ransomware on the computer networks of one company and 11 government entities — tied to multiple municipalities in Texas — in August 2019, according to court filings. Polyanin allegedly hacked into the network of an unnamed company and then deployed ransomware on its customer’s networks.

Vasinskyi was arrested after traveling to Poland. In December 2019, he allegedly sent a message on a criminal forum to “Unknown,” who is believed to be a representative of the REvil ransomware gang. “Hello, this is rabotnik,” Vasinskyi wrote, according to the court filings. “I want to return to work.” Vasinskyi’s alleged targets included Kaseya, the Florida-based software developer. Prosecutors said the victims in Vasinskyi’s attacks have paid more than $2 million in combined ransom.

The government alleges that Vasinskyi and other conspirators authored and deployed the malicious software on computer systems since April 2019. Prosecutors say the attackers infected computers using a swath of tricks, including sending out phishing emails, using compromised remote desktop passwords and exploiting vulnerabilities in software code.

Monday’s actions include the designation of Chatex, a virtual currency exchange, and its associated support network, for facilitating financial transactions for ransomware actors. Chatex, which claims to have a presence in multiple countries, has facilitated transactions for multiple ransomware variants, according to the Treasury Department. Analysis of Chatex’s known transactions indicates that over half are directly traced to illicit or high-risk activities such as dark net markets, high-risk exchanges, and ransomware.

Law enforcement authorities used the news conference to encourage other companies to quickly report attacks to law enforcement, as Kaseya did, and to praise other countries that aided in the effort. FBI Director Christopher Wray said that the arrests show “what’s possible when federal law enforcement and international law enforcement work together with private sector companies.”

When asked by a reporter, Garland declined to say whether the Russian government condoned or was aware of the actions taken against the hackers.
